Re: WARNING in percpu_ref_kill_and_confirm

From: Linus Torvalds
Date: Mon Apr 22 2019 - 12:33:54 EST

Next message: jglisse: "[PATCH] mm/hmm: move THP and hugetlbfs code path behind #if KCONFIG"
Previous message: Gustavo A. R. Silva: "[PATCH] gdbstub: Replace strcpy() by strscpy()"
In reply to: Jens Axboe: "Re: WARNING in percpu_ref_kill_and_confirm"
Next in thread: Jens Axboe: "Re: WARNING in percpu_ref_kill_and_confirm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Crossed emails ]

On Mon, Apr 22, 2019 at 9:23 AM Jens Axboe <axboe@xxxxxxxxx> wrote:
>
> I think the below should fix this. Very early versions of io_uring didn't
> have this issue, since we did the percpu ref tryget for io_uring_register().

Ok, so I like your patch better than mine, but note how syzbot
bisected this to the initial merge of the io_uring code.

I agree that code shouldn't have had this particular issue, but it
looks like it does.

Is there some way to race with io_ring_ctx_wait_and_kill(), which
_also_ does that ref_kill() thing? I'm not seeing how that could
happen, but maybe if the file ref counts get screwed up you have
->release() called early..

Linus

Next message: jglisse: "[PATCH] mm/hmm: move THP and hugetlbfs code path behind #if KCONFIG"
Previous message: Gustavo A. R. Silva: "[PATCH] gdbstub: Replace strcpy() by strscpy()"
In reply to: Jens Axboe: "Re: WARNING in percpu_ref_kill_and_confirm"
Next in thread: Jens Axboe: "Re: WARNING in percpu_ref_kill_and_confirm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]