stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier
       [not found] <20200805190224.401962-1-axboe@kernel.dk>
@ 2020-08-05 19:02 ` Jens Axboe
  2020-08-06  7:39   ` Stefano Garzarella
  0 siblings, 1 reply; 3+ messages in thread
From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe, stable

If we hit an earlier error path in io_uring_create(), then we will have
accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the
ring is torn down in error, we use those values to unaccount the memory.

Ensure we set the ctx entries before we're able to hit a potential error
path.

Cc: stable@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 fs/io_uring.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 8f96566603f3..0d857f7ca507 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
 	struct io_rings *rings;
 	size_t size, sq_array_offset;
 
+	/* make sure these are sane, as we already accounted them */
+	ctx->sq_entries = p->sq_entries;
+	ctx->cq_entries = p->cq_entries;
+
 	size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
 	if (size == SIZE_MAX)
 		return -EOVERFLOW;
@@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
 	rings->cq_ring_entries = p->cq_entries;
 	ctx->sq_mask = rings->sq_ring_mask;
 	ctx->cq_mask = rings->cq_ring_mask;
-	ctx->sq_entries = rings->sq_ring_entries;
-	ctx->cq_entries = rings->cq_ring_entries;
 
 	size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
 	if (size == SIZE_MAX) {
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier
  2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe
@ 2020-08-06  7:39   ` Stefano Garzarella
  2020-08-06 13:20     ` Jens Axboe
  0 siblings, 1 reply; 3+ messages in thread
From: Stefano Garzarella @ 2020-08-06  7:39 UTC (permalink / raw)
  To: Jens Axboe; +Cc: io-uring, stable

On Wed, Aug 05, 2020 at 01:02:23PM -0600, Jens Axboe wrote:
> If we hit an earlier error path in io_uring_create(), then we will have
> accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the
> ring is torn down in error, we use those values to unaccount the memory.
> 
> Ensure we set the ctx entries before we're able to hit a potential error
> path.
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> ---
>  fs/io_uring.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index 8f96566603f3..0d857f7ca507 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>  	struct io_rings *rings;
>  	size_t size, sq_array_offset;
>  
> +	/* make sure these are sane, as we already accounted them */
> +	ctx->sq_entries = p->sq_entries;
> +	ctx->cq_entries = p->cq_entries;
> +
>  	size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
>  	if (size == SIZE_MAX)
>  		return -EOVERFLOW;
> @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>  	rings->cq_ring_entries = p->cq_entries;
>  	ctx->sq_mask = rings->sq_ring_mask;
>  	ctx->cq_mask = rings->cq_ring_mask;
> -	ctx->sq_entries = rings->sq_ring_entries;
> -	ctx->cq_entries = rings->cq_ring_entries;
>  
>  	size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
>  	if (size == SIZE_MAX) {
> -- 
> 2.28.0
> 

While reviewing I was asking if we should move io_account_mem() before
io_allocate_scq_urings(), then I saw the second patch :-)

LGTM:

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>

Thanks,
Stefano


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier
  2020-08-06  7:39   ` Stefano Garzarella
@ 2020-08-06 13:20     ` Jens Axboe
  0 siblings, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2020-08-06 13:20 UTC (permalink / raw)
  To: Stefano Garzarella; +Cc: io-uring, stable

On 8/6/20 1:39 AM, Stefano Garzarella wrote:
> On Wed, Aug 05, 2020 at 01:02:23PM -0600, Jens Axboe wrote:
>> If we hit an earlier error path in io_uring_create(), then we will have
>> accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the
>> ring is torn down in error, we use those values to unaccount the memory.
>>
>> Ensure we set the ctx entries before we're able to hit a potential error
>> path.
>>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Jens Axboe <axboe@kernel.dk>
>> ---
>>  fs/io_uring.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/io_uring.c b/fs/io_uring.c
>> index 8f96566603f3..0d857f7ca507 100644
>> --- a/fs/io_uring.c
>> +++ b/fs/io_uring.c
>> @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>>  	struct io_rings *rings;
>>  	size_t size, sq_array_offset;
>>  
>> +	/* make sure these are sane, as we already accounted them */
>> +	ctx->sq_entries = p->sq_entries;
>> +	ctx->cq_entries = p->cq_entries;
>> +
>>  	size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
>>  	if (size == SIZE_MAX)
>>  		return -EOVERFLOW;
>> @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>>  	rings->cq_ring_entries = p->cq_entries;
>>  	ctx->sq_mask = rings->sq_ring_mask;
>>  	ctx->cq_mask = rings->cq_ring_mask;
>> -	ctx->sq_entries = rings->sq_ring_entries;
>> -	ctx->cq_entries = rings->cq_ring_entries;
>>  
>>  	size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
>>  	if (size == SIZE_MAX) {
>> -- 
>> 2.28.0
>>
> 
> While reviewing I was asking if we should move io_account_mem() before
> io_allocate_scq_urings(), then I saw the second patch :-)

Indeed, just split it in two to avoid any extra issues around backporting.

> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>

Thanks, added.

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-08-06 17:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20200805190224.401962-1-axboe@kernel.dk>
2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe
2020-08-06  7:39   ` Stefano Garzarella
2020-08-06 13:20     ` Jens Axboe

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).