Add a flag for marking a rsrc data quiescing to disallow doing it from
several tasks concurrently.
Cc: Hao Xu <haoxu@xxxxxxxxxxxxxxxxx>
Fixes: 853a012bdbddce869561 ("io_uring: fix io_rsrc_ref_quiesce races")
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
---
fs/io_uring.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index f3af499b12a9..ff8f50d3cf44 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -236,6 +236,7 @@ struct fixed_rsrc_data {
struct fixed_rsrc_ref_node *node;
struct percpu_ref refs;
struct completion done;
+ bool quiesce;
};
struct io_buffer {
@@ -7335,10 +7336,15 @@ static int io_rsrc_ref_quiesce(struct fixed_rsrc_data *data,
struct fixed_rsrc_ref_node *backup_node;
int ret;
+ if (data->quiesce)
+ return -ENXIO;
+
+ data->quiesce = true;
do {
backup_node = alloc_fixed_rsrc_ref_node(ctx);
+ ret = -ENOMEM;
if (!backup_node)
- return -ENOMEM;
+ break;
backup_node->rsrc_data = data;
backup_node->rsrc_put = rsrc_put;
@@ -7352,16 +7358,17 @@ static int io_rsrc_ref_quiesce(struct fixed_rsrc_data *data,
percpu_ref_resurrect(&data->refs);
io_sqe_rsrc_set_node(ctx, data, backup_node);
+ backup_node = NULL;
reinit_completion(&data->done);
mutex_unlock(&ctx->uring_lock);
ret = io_run_task_work_sig();
mutex_lock(&ctx->uring_lock);
- if (ret < 0)
- return ret;
- } while (1);
+ } while (ret >= 0);
+ data->quiesce = false;
- destroy_fixed_rsrc_ref_node(backup_node);
- return 0;
+ if (backup_node)
+ destroy_fixed_rsrc_ref_node(backup_node);
+ return ret;
}
static struct fixed_rsrc_data *alloc_fixed_rsrc_data(struct io_ring_ctx *ctx)
@@ -7400,7 +7407,7 @@ static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
* Since we possibly drop uring lock later in this function to
* run task work.
*/
- if (!data || percpu_ref_is_dying(&data->refs))
+ if (!data)
return -ENXIO;
ret = io_rsrc_ref_quiesce(data, ctx, io_ring_file_put);
if (ret)
--
2.24.0
