lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 23 Nov 2020 20:25:29 +0000
From:   Pavel Begunkov <asml.silence@...il.com>
To:     Hillf Danton <hdanton@...a.com>
Cc:     syzbot <syzbot+c0d52d0b3c0c3ffb9525@...kaller.appspotmail.com>,
        axboe@...nel.dk, io-uring@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        peterz@...radead.org, syzkaller-bugs@...glegroups.com,
        viro@...iv.linux.org.uk, will@...nel.org
Subject: Re: INFO: task hung in __io_uring_files_cancel

On 23/11/2020 07:34, Hillf Danton wrote:
[...]
> After staring the report and 311daef8013a a bit more, it seems that we
> can have a simpler fix without the help of wakeup. It is implemented
> by busy waiting until there is no more request in flight found.

I think it's better not. It doesn't happen instantly, so may take a
lot of spinning in some cases. Moreover, I don't want an unkillable
task eating up all CPU if this hangs again (eg because of some other
case).

And, I'd love to keep it working similarly to __io_uring_task_cancel()
to not think twice about all corner cases.

> 
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -6077,13 +6077,10 @@ static int io_req_defer(struct io_kiocb
>  static void io_req_drop_files(struct io_kiocb *req)
>  {
>  	struct io_ring_ctx *ctx = req->ctx;
> -	struct io_uring_task *tctx = req->task->io_uring;
>  	unsigned long flags;
>  
>  	spin_lock_irqsave(&ctx->inflight_lock, flags);
>  	list_del(&req->inflight_entry);
> -	if (atomic_read(&tctx->in_idle))
> -		wake_up(&tctx->wait);
>  	spin_unlock_irqrestore(&ctx->inflight_lock, flags);
>  	req->flags &= ~REQ_F_INFLIGHT;
>  	put_files_struct(req->work.identity->files);
> @@ -8706,7 +8703,6 @@ static void io_uring_cancel_files(struct
>  	while (!list_empty_careful(&ctx->inflight_list)) {
>  		struct io_task_cancel cancel = { .task = task, .files = NULL, };
>  		struct io_kiocb *req;
> -		DEFINE_WAIT(wait);
>  		bool found = false;
>  
>  		spin_lock_irq(&ctx->inflight_lock);
> @@ -8718,9 +8714,6 @@ static void io_uring_cancel_files(struct
>  			found = true;
>  			break;
>  		}
> -		if (found)
> -			prepare_to_wait(&task->io_uring->wait, &wait,
> -					TASK_UNINTERRUPTIBLE);
>  		spin_unlock_irq(&ctx->inflight_lock);
>  
>  		/* We need to keep going until we don't find a matching req */
> @@ -8733,7 +8726,6 @@ static void io_uring_cancel_files(struct
>  		/* cancellations _may_ trigger task work */
>  		io_run_task_work();
>  		schedule();
> -		finish_wait(&task->io_uring->wait, &wait);
>  	}
>  }
>  
> 

-- 
Pavel Begunkov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ