On Mon, Aug 15, 2022 at 10:36:33AM +0800, ZiyangZhang wrote:
> In ublk_queue_rq(), assume the current request is a re-issued request aborted
> previously in monitor_work because the ubq_daemon (ioucmd's task) is
> PF_EXITING. For this request, we cannot call
> io_uring_cmd_complete_in_task() anymore because at that moment the io_uring
> context may be freed in case no inflight ioucmd exists. Otherwise,
> we may cause a null-deref in ctx->fallback_work.
>
> Add a check on UBLK_IO_FLAG_ABORTED to prevent the above situation. This
> check is safe and makes sense.
>
> Note: monitor_work sets UBLK_IO_FLAG_ABORTED and ends this request
> (releasing the tag). Then the request is restarted (allocating the tag)
> and we are here. Since releasing/allocating a tag implies smp_mb(),
> finding UBLK_IO_FLAG_ABORTED guarantees that this is a re-issued request
> aborted previously.
>
> Suggested-by: Ming Lei <ming.lei@xxxxxxxxxx>
> Signed-off-by: ZiyangZhang <ZiyangZhang@xxxxxxxxxxxxxxxxx>

Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>

Thanks,
Ming