mirror of
https://github.com/torvalds/linux.git
synced 2025-11-01 00:58:39 +02:00
390513642e
io_uring always switches requests to atomic refcounting for iowq execution before there is any parallilism by setting REQ_F_REFCOUNT, and the flag is not cleared until the request completes. That should be fine as long as the compiler doesn't make up a non existing value for the flags, however KCSAN still complains when the request owner changes oter flag bits: BUG: KCSAN: data-race in io_req_task_cancel / io_wq_free_work ... read to 0xffff888117207448 of 8 bytes by task 3871 on cpu 0: req_ref_put_and_test io_uring/refs.h:22 [inline] Skip REQ_F_REFCOUNT checks for iowq, we know it's set. Reported-by: syzbot+903a2ad71fb3f1e47cf5@syzkaller.appspotmail.com Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/d880bc27fb8c3209b54641be4ff6ac02b0e5789a.1743679736.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
62 lines
1.6 KiB
C
62 lines
1.6 KiB
C
#ifndef IOU_REQ_REF_H
|
|
#define IOU_REQ_REF_H
|
|
|
|
#include <linux/atomic.h>
|
|
#include <linux/io_uring_types.h>
|
|
|
|
/*
|
|
* Shamelessly stolen from the mm implementation of page reference checking,
|
|
* see commit f958d7b528b1 for details.
|
|
*/
|
|
#define req_ref_zero_or_close_to_overflow(req) \
|
|
((unsigned int) atomic_read(&(req->refs)) + 127u <= 127u)
|
|
|
|
static inline bool req_ref_inc_not_zero(struct io_kiocb *req)
|
|
{
|
|
WARN_ON_ONCE(!(req->flags & REQ_F_REFCOUNT));
|
|
return atomic_inc_not_zero(&req->refs);
|
|
}
|
|
|
|
static inline bool req_ref_put_and_test_atomic(struct io_kiocb *req)
|
|
{
|
|
WARN_ON_ONCE(!(data_race(req->flags) & REQ_F_REFCOUNT));
|
|
WARN_ON_ONCE(req_ref_zero_or_close_to_overflow(req));
|
|
return atomic_dec_and_test(&req->refs);
|
|
}
|
|
|
|
static inline bool req_ref_put_and_test(struct io_kiocb *req)
|
|
{
|
|
if (likely(!(req->flags & REQ_F_REFCOUNT)))
|
|
return true;
|
|
|
|
WARN_ON_ONCE(req_ref_zero_or_close_to_overflow(req));
|
|
return atomic_dec_and_test(&req->refs);
|
|
}
|
|
|
|
static inline void req_ref_get(struct io_kiocb *req)
|
|
{
|
|
WARN_ON_ONCE(!(req->flags & REQ_F_REFCOUNT));
|
|
WARN_ON_ONCE(req_ref_zero_or_close_to_overflow(req));
|
|
atomic_inc(&req->refs);
|
|
}
|
|
|
|
static inline void req_ref_put(struct io_kiocb *req)
|
|
{
|
|
WARN_ON_ONCE(!(req->flags & REQ_F_REFCOUNT));
|
|
WARN_ON_ONCE(req_ref_zero_or_close_to_overflow(req));
|
|
atomic_dec(&req->refs);
|
|
}
|
|
|
|
static inline void __io_req_set_refcount(struct io_kiocb *req, int nr)
|
|
{
|
|
if (!(req->flags & REQ_F_REFCOUNT)) {
|
|
req->flags |= REQ_F_REFCOUNT;
|
|
atomic_set(&req->refs, nr);
|
|
}
|
|
}
|
|
|
|
static inline void io_req_set_refcount(struct io_kiocb *req)
|
|
{
|
|
__io_req_set_refcount(req, 1);
|
|
}
|
|
#endif
|