io_uring: don't take task ring-file notes

With ->flush() gone we're now leaving all uring file notes until the
task dies/execs, so the ctx will not be freed until all tasks that have
ever submit a request die. It was nicer with flush but not much, we
could have locked as described ctx in many cases.

Now we guarantee that ctx outlives all tctx in a sense that
io_ring_exit_work() waits for all tctxs to drop their corresponding
enties in ->xa, and ctx won't go away until then. Hence, additional
io_uring file reference (a.k.a. task file notes) are not needed anymore.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 8a4ab86ae64f8954b202e47d5ec26130ecea74e4..f448213267c84bb88d9f61d7c1aaf393f57560e5 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8821,11 +8821,9 @@ static int io_uring_add_task_file(struct io_ring_ctx *ctx, struct file *file)
                        node->file = file;
                        node->task = current;
 
-                       get_file(file);
                        ret = xa_err(xa_store(&tctx->xa, (unsigned long)file,
                                                node, GFP_KERNEL));
                        if (ret) {
-                               fput(file);
                                kfree(node);
                                return ret;
                        }
@@ -8856,6 +8854,8 @@ static void io_uring_del_task_file(unsigned long index)
        struct io_uring_task *tctx = current->io_uring;
        struct io_tctx_node *node;
 
+       if (!tctx)
+               return;
        node = xa_erase(&tctx->xa, index);
        if (!node)
                return;
@@ -8869,7 +8869,6 @@ static void io_uring_del_task_file(unsigned long index)
 
        if (tctx->last == node->file)
                tctx->last = NULL;
-       fput(node->file);
        kfree(node);
 }