www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Bui Quang Minh <minhquangbui99@gmail.com>
	Mon, 13 Jan 2025 16:03:31 +0000 (23:03 +0700)
committer	Jens Axboe <axboe@kernel.dk>
	Mon, 13 Jan 2025 22:29:44 +0000 (15:29 -0700)
commit	a13030fd194c88961be4679f87a1380f1bda0ebe
tree	9b87d4be9b0e1805f8e22fb842dc1ded4793441b	tree
parent	94d57442e56d2ad2ca20d096040b8ae6f216a921	commit \| diff

io_uring: simplify the SQPOLL thread check when cancelling requests

In io_uring_try_cancel_requests, we check whether sq_data->thread ==
current to determine if the function is called by the SQPOLL thread to do
iopoll when IORING_SETUP_SQPOLL is set. This check can race with the SQPOLL
thread termination.

io_uring_cancel_generic is used in 2 places: io_uring_cancel_generic and
io_ring_exit_work. In io_uring_cancel_generic, we have the information
whether the current is SQPOLL thread already. And the SQPOLL thread never
reaches io_ring_exit_work.

So to avoid the racy check, this commit adds a boolean flag to
io_uring_try_cancel_requests to determine if the caller is SQPOLL thread.

Reported-by: syzbot+3c750be01dab672c513d@syzkaller.appspotmail.com
Reported-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Li Zetao <lizetao1@huawei.com>
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/20250113160331.44057-1-minhquangbui99@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>