From: Pavel Begunkov <asml.silence@gmail.com>
To: Jens Axboe <axboe@kernel.dk>, io-uring@vger.kernel.org
Subject: Re: io_uring: io_fail_links() should only consider first linked timeout
Date: Wed, 20 Nov 2019 11:44:11 +0300 [thread overview]
Message-ID: <b8b1c8cf-5120-c4b2-e74b-4d0545b7a1f8@gmail.com> (raw)
In-Reply-To: <efca87b0-3b8a-9614-c4c7-a341a2882b58@kernel.dk>
On 11/20/2019 1:33 AM, Jens Axboe wrote:
> We currently clear the linked timeout field if we cancel such a timeout,
> but we should only attempt to cancel if it's the first one we see.
> Others should simply be freed like other requests, as they haven't
> been started yet.
>
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
>
> ---
>
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index a79ef43367b1..d1085e4e8ae9 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -937,12 +937,12 @@ static void io_fail_links(struct io_kiocb *req)
> if ((req->flags & REQ_F_LINK_TIMEOUT) &&
> link->submit.sqe->opcode == IORING_OP_LINK_TIMEOUT) {
> io_link_cancel_timeout(link);
> - req->flags &= ~REQ_F_LINK_TIMEOUT;
> } else {
> io_cqring_fill_event(link, -ECANCELED);
> __io_double_put_req(link);
> }
> kfree(sqe_to_free);
> + req->flags &= ~REQ_F_LINK_TIMEOUT;
That's not necessary, but maybe would safer to keep. If
REQ_F_LINK_TIMEOUT is set, than there was a link timeout request,
and for it and only for it io_link_cancel_timeout() will be called.
However, this is only true if linked timeout isn't fired. Otherwise,
there is another bug, which isn't fixed by either of the patches. We
need to clear REQ_F_LINK_TIMEOUT in io_link_timeout_fn() as well.
Let: REQ -> L_TIMEOUT1 -> L_TIMEOUT2
1. L_TIMEOUT1 fired before REQ is completed
2. io_link_timeout_fn() removes L_TIMEOUT1 from the list:
REQ|REQ_F_LINK_TIMEOUT -> L_TIMEOUT2
3. free_req(REQ) then call io_link_cancel_timeout(L_TIMEOUT2)
leaking it (as described in my patch).
P.S. haven't tried to test nor reproduce it yet.
> }
>
> io_commit_cqring(ctx);
>
--
Pavel Begunkov
next prev parent reply other threads:[~2019-11-20 8:44 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-19 22:33 io_uring: io_fail_links() should only consider first linked timeout Jens Axboe
2019-11-20 8:44 ` Pavel Begunkov [this message]
2019-11-20 10:22 ` Bob Liu
2019-11-20 11:07 ` Pavel Begunkov
2019-11-20 14:03 ` Bob Liu
2019-11-20 14:23 ` Jens Axboe
2019-11-20 14:28 ` Pavel Begunkov
2019-11-20 14:22 ` Jens Axboe
2019-11-20 15:02 ` Pavel Begunkov
2019-11-20 15:06 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b8b1c8cf-5120-c4b2-e74b-4d0545b7a1f8@gmail.com \
--to=asml.silence@gmail.com \
--cc=axboe@kernel.dk \
--cc=io-uring@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).