summaryrefslogtreecommitdiffstats
path: root/io_uring
diff options
context:
space:
mode:
authorJens Axboe <axboe@kernel.dk>2024-07-01 08:40:29 -0600
committerJens Axboe <axboe@kernel.dk>2024-07-01 08:45:27 -0600
commitb0727b1243cd084260e47c51c7950020bfddb636 (patch)
tree14ad84b98a95793c3e12accb92f3075216fca898 /io_uring
parent50cf5f3842af3135b88b041890e7e12a74425fcb (diff)
downloadlinux-b0727b1243cd084260e47c51c7950020bfddb636.tar.gz
linux-b0727b1243cd084260e47c51c7950020bfddb636.tar.bz2
linux-b0727b1243cd084260e47c51c7950020bfddb636.zip
io_uring/msg_ring: check for dead submitter task
The change for improving the handling of the target CQE posting inadvertently dropped the NULL check for the submitter task on the target ring, reinstate that. Fixes: 0617bb500bfa ("io_uring/msg_ring: improve handling of target CQE posting") Reported-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'io_uring')
-rw-r--r--io_uring/msg_ring.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c
index 47a754e83b49..c2171495098b 100644
--- a/io_uring/msg_ring.c
+++ b/io_uring/msg_ring.c
@@ -86,16 +86,21 @@ static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts)
percpu_ref_put(&ctx->refs);
}
-static void io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req,
- int res, u32 cflags, u64 user_data)
+static int io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req,
+ int res, u32 cflags, u64 user_data)
{
+ req->task = READ_ONCE(ctx->submitter_task);
+ if (!req->task) {
+ kmem_cache_free(req_cachep, req);
+ return -EOWNERDEAD;
+ }
req->cqe.user_data = user_data;
io_req_set_res(req, res, cflags);
percpu_ref_get(&ctx->refs);
req->ctx = ctx;
- req->task = READ_ONCE(ctx->submitter_task);
req->io_task_work.func = io_msg_tw_complete;
io_req_task_work_add_remote(req, ctx, IOU_F_TWQ_LAZY_WAKE);
+ return 0;
}
static struct io_kiocb *io_msg_get_kiocb(struct io_ring_ctx *ctx)
@@ -125,8 +130,8 @@ static int io_msg_data_remote(struct io_kiocb *req)
if (msg->flags & IORING_MSG_RING_FLAGS_PASS)
flags = msg->cqe_flags;
- io_msg_remote_post(target_ctx, target, msg->len, flags, msg->user_data);
- return 0;
+ return io_msg_remote_post(target_ctx, target, msg->len, flags,
+ msg->user_data);
}
static int io_msg_ring_data(struct io_kiocb *req, unsigned int issue_flags)