]> www.infradead.org Git - users/willy/xarray.git/commitdiff
projects / users / willy / xarray.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 50cf5f3)
io_uring/msg_ring: check for dead submitter task
authorJens Axboe <axboe@kernel.dk>
Mon, 1 Jul 2024 14:40:29 +0000 (08:40 -0600)
committerJens Axboe <axboe@kernel.dk>
Mon, 1 Jul 2024 14:45:27 +0000 (08:45 -0600)
The change for improving the handling of the target CQE posting
inadvertently dropped the NULL check for the submitter task on the target
ring, reinstate that.

Fixes: 0617bb500bfa ("io_uring/msg_ring: improve handling of target CQE posting")
Reported-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
io_uring/msg_ring.c patch | blob | history

diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c
index 47a754e83b49a9dd8fba40b813be0980517ab8b5..c2171495098bfe74308e800957e6f10f69efd0ca 100644 (file)
--- a/io_uring/msg_ring.c
+++ b/io_uring/msg_ring.c
@@ -86,16 +86,21 @@ static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts)
        percpu_ref_put(&ctx->refs);
 }
 
-static void io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req,
-                              int res, u32 cflags, u64 user_data)
+static int io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req,
+                             int res, u32 cflags, u64 user_data)
 {
+       req->task = READ_ONCE(ctx->submitter_task);
+       if (!req->task) {
+               kmem_cache_free(req_cachep, req);
+               return -EOWNERDEAD;
+       }
        req->cqe.user_data = user_data;
        io_req_set_res(req, res, cflags);
        percpu_ref_get(&ctx->refs);
        req->ctx = ctx;
-       req->task = READ_ONCE(ctx->submitter_task);
        req->io_task_work.func = io_msg_tw_complete;
        io_req_task_work_add_remote(req, ctx, IOU_F_TWQ_LAZY_WAKE);
+       return 0;
 }
 
 static struct io_kiocb *io_msg_get_kiocb(struct io_ring_ctx *ctx)
@@ -125,8 +130,8 @@ static int io_msg_data_remote(struct io_kiocb *req)
        if (msg->flags & IORING_MSG_RING_FLAGS_PASS)
                flags = msg->cqe_flags;
 
-       io_msg_remote_post(target_ctx, target, msg->len, flags, msg->user_data);
-       return 0;
+       return io_msg_remote_post(target_ctx, target, msg->len, flags,
+                                       msg->user_data);
 }
 
 static int io_msg_ring_data(struct io_kiocb *req, unsigned int issue_flags)
XArray, radix tree and IDR