From: Jens Axboe Date: Tue, 25 Aug 2020 13:58:00 +0000 (-0600) Subject: io_uring: fix imbalanced sqo_mm accounting X-Git-Tag: v5.10.7~1559^2~26 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6b7898eb180df12767933466b7855b23103ad489;p=platform%2Fkernel%2Flinux-rpi.git io_uring: fix imbalanced sqo_mm accounting We do the initial accounting of locked_vm and pinned_vm before we have setup ctx->sqo_mm, which means we can end up having not accounted the memory at setup time, but still decrement it when we exit. This causes an imbalance in the accounting. Setup ctx->sqo_mm earlier in io_uring_create(), before we do the first accounting of mm->{locked,pinned}_vm. This also unifies the state grabbing for the ctx, and eliminates a failure case in io_sq_offload_start(). Fixes: f74441e6311a ("io_uring: account locked memory before potential error case") Reported-by: Robert M. Muncrief Reported-by: Niklas Schnelle Tested-by: Niklas Schnelle Tested-by: Robert M. Muncrief Signed-off-by: Jens Axboe --- diff --git a/fs/io_uring.c b/fs/io_uring.c index e030b33..384df86 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7447,9 +7447,6 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx, { int ret; - mmgrab(current->mm); - ctx->sqo_mm = current->mm; - if (ctx->flags & IORING_SETUP_SQPOLL) { ret = -EPERM; if (!capable(CAP_SYS_ADMIN)) @@ -7494,10 +7491,6 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx, return 0; err: io_finish_async(ctx); - if (ctx->sqo_mm) { - mmdrop(ctx->sqo_mm); - ctx->sqo_mm = NULL; - } return ret; } @@ -8547,6 +8540,9 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, ctx->user = user; ctx->creds = get_current_cred(); + mmgrab(current->mm); + ctx->sqo_mm = current->mm; + /* * Account memory _before_ installing the file descriptor. Once * the descriptor is installed, it can get closed at any time. Also