Re: [PATCH] io_uring: don't free request to slab

From: Pavel Begunkov <asml.silence@gmail.com>
To: Hao Xu <haoxu@linux.alibaba.com>, Jens Axboe <axboe@kernel.dk>
Cc: io-uring@vger.kernel.org, Joseph Qi <joseph.qi@linux.alibaba.com>
Subject: Re: [PATCH] io_uring: don't free request to slab
Date: Wed, 25 Aug 2021 17:02:03 +0100	[thread overview]
Message-ID: <78403925-6da0-7059-484e-cfdd5c2c500f@gmail.com> (raw)
In-Reply-To: <2157392c-5bdc-c5bd-cce9-c9c8ac1fe165@linux.alibaba.com>

On 8/25/21 4:38 PM, Hao Xu wrote:
> 在 2021/8/25 下午9:28, Pavel Begunkov 写道:
>> On 8/25/21 12:40 PM, Hao Xu wrote:
>>> It's not neccessary to free the request back to slab when we fail to
>>> get sqe, just update state->free_reqs pointer.
>>
>> It's a bit hackish because depends on the request being drawn
>> from the array in a particular way. How about returning it
> It seems a req is always allocated from state->reqs, so it should be
> ok? I actually didn't understand 'hackish' here, do you mean
> io_submit_sqes() shouldn't move state->free_reqs which is req caches'
> internal implementation?

I mean it uses implicit knowledge of how io_alloc_req() works, which
may and actually will change. It's just always too easy to forget
about that little one-off thing while changing another chunk.

To give an example, if one decides to remake it and first serve
requests from state->free_list and only when it's empty look into
state->reqs, it's too easy to forget opening a pretty severe
vulnerability.

If there is not much profit from it comparing to the risks, I'd
personally prefer to go with a safer way.  

>> into state->free_list. That thing is as cold as it can get,
>> only buggy apps can hit it.
>>

-- 
Pavel Begunkov