On 10/9/20 6:49 AM, Matthew Wilcox (Oracle) wrote: > The xas_store() wasn't paired with an xas_nomem() loop, so if it couldn't > allocate memory using GFP_NOWAIT, it would leak the reference to the file > descriptor. Also the node pointed to by the xas could be freed between > the call to xas_load() under the rcu_read_lock() and the acquisition of > the xa_lock. > > It's easier to just use the normal xa_load/xa_store interface here. > > Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> > --- > fs/io_uring.c | 21 +++++++++------------ > 1 file changed, 9 insertions(+), 12 deletions(-) > > diff --git a/fs/io_uring.c b/fs/io_uring.c > index 2978cc78538a..bcef6210bf67 100644 > --- a/fs/io_uring.c > +++ b/fs/io_uring.c > @@ -8586,27 +8586,24 @@ static void io_uring_cancel_task_requests(struct io_ring_ctx *ctx, > */ > static int io_uring_add_task_file(struct file *file) > { > - if (unlikely(!current->io_uring)) { > + struct io_uring_task *cur_uring = current->io_uring; > + > + if (unlikely(!cur_uring)) { > int ret; > > ret = io_uring_alloc_task_context(current); > if (unlikely(ret)) > return ret; > } I think this is missing a: cur_uring = current->io_uring; after the successful io_uring_alloc_task(). I'll also rename it to tctx like what is used in other spots. Apart from that, series looks good to me, thanks Matthew! -- Jens Axboe
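Review bot: In the io_uring_add_task_file() hunk, `cur_uring` is read from `current->io_uring` once, before the `if (unlikely(!cur_uring))` branch, and is not refreshed after `io_uring_alloc_task_context(current)` returns 0. On the first-use path the local is therefore still NULL when the branch is left, and any later use of `cur_uring` in the function (the rest of the hunk is not quoted here) would operate on a NULL pointer instead of the context that was just allocated. Suggest assigning `cur_uring = current->io_uring;` immediately after the `if (unlikely(ret)) return ret;` check inside the branch. It would also help to use the same local name the surrounding code uses for this pointer, so the variable reads consistently across the file.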