io_uring: drop req submit reference always in async punt [Linux 5.1]

io_uring: drop req submit reference always in async punt [Linux 5.1]

This Linux kernel change "io_uring: drop req submit reference always in async punt" is included in the Linux 5.1 release. This change is authored by Jens Axboe <axboe [at] kernel.dk> on Tue Apr 30 14:44:05 2019 -0600. The commit for this change in Linux stable tree is 817869d (patch).

io_uring: drop req submit reference always in async punt

If we don't end up actually calling submit in io_sq_wq_submit_work(),
we still need to drop the submit reference to the request. If we
don't, then we can leak the request. This can happen if we race
with ring shutdown while flushing the workqueue for requests that
require use of the mm_struct.

Fixes: e65ef56db494 ("io_uring: use regular request ref counts")
Signed-off-by: Jens Axboe <[email protected]>

There are 7 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 fs/io_uring.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 046fc4e..18cecb6 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -1568,10 +1568,11 @@ static void io_sq_wq_submit_work(struct work_struct *work)
                    break;
                cond_resched();
            } while (1);
-
-           /* drop submission reference */
-           io_put_req(req);
        }
+
+       /* drop submission reference */
+       io_put_req(req);
+
        if (ret) {
            io_cqring_add_event(ctx, sqe->user_data, ret, 0);
            io_put_req(req);

Leave a Reply

Your email address will not be published. Required fields are marked *