On 04/02/2021 09:31, Hao Xu wrote:
> Hi all,
> Sorry to disturb all of you. Here comes my question.
> When we close a uring file, we go into io_uring_flush(),
> there is code at the end:
>
>     if (!(ctx->flags & IORING_SETUP_SQPOLL) || ctx->sqo_task == current)
>         io_uring_del_task_file(file);
>
> My understanding is that this is to delete the ctx (associated with the uring
> file) from current->io_uring->xa.
> I'm thinking of this scenario: the task closing the uring file is not the
> one which created the uring file.
> Then it doesn't make sense to delete the uring file from
> current->io_uring->xa. It should be "delete uring file from
> ctx->sqo_task->io_uring->xa" instead.

1. It's not only about created or not, look for io_uring_add_task_file()
   call sites.

2. io_uring->xa is basically a map from a task to the urings used by it.
   Every user task should clean only its own context (the SQPOLL task is a
   bit different), it'd be a hell of a bunch of races otherwise.

3. If it happens that it's closed by a task that has nothing to do with
   this ctx, then it won't find anything in its task->io_uring->xa, and so
   won't delete anything, and that's ok. io_uring->xa of sqo_task will be
   cleaned by sqo_task, either on another close() or on exit() (see
   io_uring_files_cancel).

4. There is a bunch of cases where that scheme doesn't behave nicely, but
   at least it should not leak/fault when all related tasks are killed.

-- 
Pavel Begunkov