Commit a13030fd authored by Bui Quang Minh's avatar Bui Quang Minh Committed by Jens Axboe
Browse files

io_uring: simplify the SQPOLL thread check when cancelling requests 



In io_uring_try_cancel_requests, we check whether sq_data->thread ==
current to determine if the function is called by the SQPOLL thread to do
iopoll when IORING_SETUP_SQPOLL is set. This check can race with the SQPOLL
thread termination.

io_uring_cancel_generic is used in 2 places: io_uring_cancel_generic and
io_ring_exit_work. In io_uring_cancel_generic, we have the information
whether the current is SQPOLL thread already. And the SQPOLL thread never
reaches io_ring_exit_work.

So to avoid the racy check, this commit adds a boolean flag to
io_uring_try_cancel_requests to determine if the caller is SQPOLL thread.

Reported-by: default avatar <syzbot+3c750be01dab672c513d@syzkaller.appspotmail.com>
Reported-by: default avatarLi Zetao <lizetao1@huawei.com>
Reviewed-by: default avatarLi Zetao <lizetao1@huawei.com>
Signed-off-by: default avatarBui Quang Minh <minhquangbui99@gmail.com>
Reviewed-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/20250113160331.44057-1-minhquangbui99@gmail.com


Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 94d57442
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment