On 9/12/21 9:36 AM, Hao Xu wrote:
> 在 2021/9/11 下午4:58, Bixuan Cui 写道:
>> While task_work_add() in io_workqueue_create() is true,
>> then duplicate code is executed:
>>
>> -> clear_bit_unlock(0, &worker->create_state);
>> -> io_worker_release(worker);
>> -> atomic_dec(&acct->nr_running);
>> -> io_worker_ref_put(wq);
>> -> return false;
>>
>> -> clear_bit_unlock(0, &worker->create_state); // back to io_workqueue_create()
>> -> io_worker_release(worker);
>> -> kfree(worker);
>>
>> The io_worker_release() and clear_bit_unlock() are executed twice.
>>
>> Fixes: 3146cba99aa2 ("io-wq: make worker creation resilient against signals")
>> Signed-off-by: Bixuan Cui <cuibixuan@xxxxxxxxxx>
>> ---
>> fs/io-wq.c | 9 ++++-----
>> 1 file changed, 4 insertions(+), 5 deletions(-)
>>
>> diff --git a/fs/io-wq.c b/fs/io-wq.c
>> index 6c55362c1f99..95d0eaed7c00 100644
>> --- a/fs/io-wq.c
>> +++ b/fs/io-wq.c
>> @@ -329,8 +329,10 @@ static bool io_queue_worker_create(struct io_worker *worker,
>>
>> init_task_work(&worker->create_work, func);
>> worker->create_index = acct->index;
>> - if (!task_work_add(wq->task, &worker->create_work, TWA_SIGNAL))
>> + if (!task_work_add(wq->task, &worker->create_work, TWA_SIGNAL)) {
>> + clear_bit_unlock(0, &worker->create_state);
>> return true;
>> + }
>> clear_bit_unlock(0, &worker->create_state);
>> fail_release:
>> io_worker_release(worker);
>> @@ -723,11 +725,8 @@ static void io_workqueue_create(struct work_struct *work)
>> struct io_worker *worker = container_of(work, struct io_worker, work);
>> struct io_wqe_acct *acct = io_wqe_get_acct(worker);
>>
>> - if (!io_queue_worker_create(worker, acct, create_worker_cont)) {
>> - clear_bit_unlock(0, &worker->create_state);
>> - io_worker_release(worker);
>> + if (!io_queue_worker_create(worker, acct, create_worker_cont))
>> kfree(worker);
>> - }
>> }
>>
>> static bool create_io_worker(struct io_wq *wq, struct io_wqe *wqe, int index)
>>
> AFAIK, this looks reasonable for me.
I took that as a reviewed-by, let me know if that isn't correct.
--
Jens Axboe
