git.baikalelectronics.ru Git - kernel.git/commit

author	Hao Xu <haoxu@linux.alibaba.com>
	Fri, 20 Aug 2021 22:19:54 +0000 (06:19 +0800)
committer	Jens Axboe <axboe@kernel.dk>
	Mon, 23 Aug 2021 19:10:46 +0000 (13:10 -0600)
commit	ced21e5f2e577fc15d9f29b18b87246223454000
tree	0bbbe1f3d0adb68888e119468af7801425e136e3	tree \| snapshot
parent	9f53f89154a28bdd761be1b0ad73a6537389d40a	commit \| diff

io_uring: fix lack of protection for compl_nr

coml_nr in ctx_flush_and_put() is not protected by uring_lock, this
may cause problems when accessing in parallel:

say coml_nr > 0

  ctx_flush_and put                  other context
   if (compl_nr)                      get mutex
                                      coml_nr > 0
                                      do flush
                                          coml_nr = 0
                                      release mutex
        get mutex
           do flush (*)
        release mutex

in (*) place, we call io_cqring_ev_posted() and users likely get
no events there. To avoid spurious events, re-check the value when
under the lock.

Fixes: 9f6d2c1697a5 ("io_uring: fix __tctx_task_work() ctx race")
Signed-off-by: Hao Xu <haoxu@linux.alibaba.com>
Link: https://lore.kernel.org/r/20210820221954.61815-1-haoxu@linux.alibaba.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>