Commit 805b13ad authored by Jens Axboe's avatar Jens Axboe

io_uring: ensure RCU callback ordering with rcu_barrier()

After more careful studying, Paul informs me that we cannot rely on
ordering of RCU callbacks in the way that the the tagged commit did.
The current construct looks like this:

	void C(struct rcu_head *rhp)
	{
		do_something(rhp);
		call_rcu(&p->rh, B);
	}

	call_rcu(&p->rh, A);
	call_rcu(&p->rh, C);

and we're relying on ordering between A and B, which isn't guaranteed.
Make this explicit instead, and have a work item issue the rcu_barrier()
to ensure that A has run before we manually execute B.

While thorough testing never showed this issue, it's dependent on the
per-cpu load in terms of RCU callbacks. The updated method simplifies
the code as well, and eliminates the need to maintain an rcu_head in
the fileset data.

Fixes: c1e2148f ("io_uring: free fixed_file_data after RCU grace period")
Reported-by: default avatarPaul E. McKenney <paulmck@kernel.org>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent f0e20b89
...@@ -191,7 +191,6 @@ struct fixed_file_data { ...@@ -191,7 +191,6 @@ struct fixed_file_data {
struct llist_head put_llist; struct llist_head put_llist;
struct work_struct ref_work; struct work_struct ref_work;
struct completion done; struct completion done;
struct rcu_head rcu;
}; };
struct io_ring_ctx { struct io_ring_ctx {
...@@ -5331,24 +5330,21 @@ static void io_file_ref_kill(struct percpu_ref *ref) ...@@ -5331,24 +5330,21 @@ static void io_file_ref_kill(struct percpu_ref *ref)
complete(&data->done); complete(&data->done);
} }
static void __io_file_ref_exit_and_free(struct rcu_head *rcu) static void io_file_ref_exit_and_free(struct work_struct *work)
{ {
struct fixed_file_data *data = container_of(rcu, struct fixed_file_data, struct fixed_file_data *data;
rcu);
percpu_ref_exit(&data->refs); data = container_of(work, struct fixed_file_data, ref_work);
kfree(data);
}
static void io_file_ref_exit_and_free(struct rcu_head *rcu)
{
/* /*
* We need to order our exit+free call against the potentially * Ensure any percpu-ref atomic switch callback has run, it could have
* existing call_rcu() for switching to atomic. One way to do that * been in progress when the files were being unregistered. Once
* is to have this rcu callback queue the final put and free, as we * that's done, we can safely exit and free the ref and containing
* could otherwise have a pre-existing atomic switch complete _after_ * data structure.
* the free callback we queued.
*/ */
call_rcu(rcu, __io_file_ref_exit_and_free); rcu_barrier();
percpu_ref_exit(&data->refs);
kfree(data);
} }
static int io_sqe_files_unregister(struct io_ring_ctx *ctx) static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
...@@ -5369,7 +5365,8 @@ static int io_sqe_files_unregister(struct io_ring_ctx *ctx) ...@@ -5369,7 +5365,8 @@ static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
for (i = 0; i < nr_tables; i++) for (i = 0; i < nr_tables; i++)
kfree(data->table[i].files); kfree(data->table[i].files);
kfree(data->table); kfree(data->table);
call_rcu(&data->rcu, io_file_ref_exit_and_free); INIT_WORK(&data->ref_work, io_file_ref_exit_and_free);
queue_work(system_wq, &data->ref_work);
ctx->file_data = NULL; ctx->file_data = NULL;
ctx->nr_user_files = 0; ctx->nr_user_files = 0;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment