lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAPFOzZujMZg14Ljp-YsgPqqcJhMFnU68e7XOf09pc=jwoTPytA@mail.gmail.com>
Date: Fri, 12 Sep 2025 09:21:10 +0800
From: Fengnan Chang <changfengnan@...edance.com>
To: Max Kellermann <max.kellermann@...os.com>
Cc: Jens Axboe <axboe@...nel.dk>, Sasha Levin <sashal@...nel.org>, 
	Diangang Li <lidiangang@...edance.com>, io-uring@...r.kernel.org, 
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [External] [PATCH] io_uring/io-wq: fix `max_workers` breakage and
 `nr_workers` underflow

Max Kellermann <max.kellermann@...os.com> 于2025年9月12日周五 08:06写道:
>
> Commit 88e6c42e40de ("io_uring/io-wq: add check free worker before
> create new worker") reused the variable `do_create` for something
> else, abusing it for the free worker check.
>
> This caused the value to effectively always be `true` at the time
> `nr_workers < max_workers` was checked, but it should really be
> `false`.  This means the `max_workers` setting was ignored, and worse:
> if the limit had already been reached, incrementing `nr_workers` was
> skipped even though another worker would be created.
>
> When later lots of workers exit, the `nr_workers` field could easily
> underflow, making the problem worse because more and more workers
> would be created without incrementing `nr_workers`.

Thanks, my mistake.
Reviewed-by: Fengnan Chang <changfengnan@...edance.com>

>
> The simple solution is to use a different variable for the free worker
> check instead of using one variable for two different things.
>
> Cc: stable@...r.kernel.org
> Fixes: 88e6c42e40de ("io_uring/io-wq: add check free worker before create new worker")
> Signed-off-by: Max Kellermann <max.kellermann@...os.com>
> ---
>  io_uring/io-wq.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/io_uring/io-wq.c b/io_uring/io-wq.c
> index 17dfaa0395c4..1d03b2fc4b25 100644
> --- a/io_uring/io-wq.c
> +++ b/io_uring/io-wq.c
> @@ -352,16 +352,16 @@ static void create_worker_cb(struct callback_head *cb)
>         struct io_wq *wq;
>
>         struct io_wq_acct *acct;
> -       bool do_create = false;
> +       bool activated_free_worker, do_create = false;
>
>         worker = container_of(cb, struct io_worker, create_work);
>         wq = worker->wq;
>         acct = worker->acct;
>
>         rcu_read_lock();
> -       do_create = !io_acct_activate_free_worker(acct);
> +       activated_free_worker = io_acct_activate_free_worker(acct);
>         rcu_read_unlock();
> -       if (!do_create)
> +       if (activated_free_worker)
>                 goto no_need_create;
>
>         raw_spin_lock(&acct->workers_lock);
> --
> 2.47.3
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ