diff options
| author | Pavel Begunkov <asml.silence@gmail.com> | 2021-01-11 04:00:31 +0000 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2021-01-11 07:39:54 -0700 |
| commit | 621fadc22365f3cf307bcd9048e3372e9ee9cdcc (patch) | |
| tree | 94756a0e03f262cce362d1d165660fb5c01990a4 /fs/io_uring.c | |
| parent | d434ab6db524ab1efd0afad4ffa1ee65ca6ac097 (diff) | |
| download | linux-621fadc22365f3cf307bcd9048e3372e9ee9cdcc.tar.gz linux-621fadc22365f3cf307bcd9048e3372e9ee9cdcc.tar.bz2 linux-621fadc22365f3cf307bcd9048e3372e9ee9cdcc.zip | |
io_uring: don't take files/mm for a dead task
In rare cases a task may be exiting while io_ring_exit_work() trying to
cancel/wait its requests. It's ok for __io_sq_thread_acquire_mm()
because of SQPOLL check, but is not for __io_sq_thread_acquire_files().
Play safe and fail for both of them.
Cc: stable@vger.kernel.org # 5.5+
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs/io_uring.c')
| -rw-r--r-- | fs/io_uring.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 7af74c1ec909..b0e6d8e607a3 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -1106,6 +1106,9 @@ static void io_sq_thread_drop_mm_files(void) static int __io_sq_thread_acquire_files(struct io_ring_ctx *ctx) { + if (current->flags & PF_EXITING) + return -EFAULT; + if (!current->files) { struct files_struct *files; struct nsproxy *nsproxy; @@ -1133,6 +1136,8 @@ static int __io_sq_thread_acquire_mm(struct io_ring_ctx *ctx) { struct mm_struct *mm; + if (current->flags & PF_EXITING) + return -EFAULT; if (current->mm) return 0; |