io_uring/cancel.c · aa01a183924fdf2ab05eb6e44c256aaf8a786d3c · KED Software Projects / Miscellaneous / KED Linux Kernel Fork

2 years ago

io_uring/cancel: re-grab ctx mutex after finishing wait · 23fffb2f

Jens Axboe authored 2 years ago


If we have a signal pending during cancelations, it'll cause the
task_work run to return an error. Since we didn't run task_work, the
current task is left in TASK_INTERRUPTIBLE state when we need to
re-grab the ctx mutex, and the kernel will rightfully complain about
that.

Move the lock grabbing for the error cases outside the loop to avoid
that issue.

Reported-by:  <syzbot+7df055631cd1be4586fd@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/io-uring/0000000000003a14a905f05050b0@google.com/


Signed-off-by: Jens Axboe <axboe@kernel.dk>

23fffb2f

History

io_uring/cancel: re-grab ctx mutex after finishing wait

Jens Axboe authored 2 years ago


If we have a signal pending during cancelations, it'll cause the
task_work run to return an error. Since we didn't run task_work, the
current task is left in TASK_INTERRUPTIBLE state when we need to
re-grab the ctx mutex, and the kernel will rightfully complain about
that.

Move the lock grabbing for the error cases outside the loop to avoid
that issue.

Reported-by:  <syzbot+7df055631cd1be4586fd@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/io-uring/0000000000003a14a905f05050b0@google.com/


Signed-off-by: Jens Axboe <axboe@kernel.dk>