Commit 09fbb0a8 authored by Pavel Begunkov's avatar Pavel Begunkov Committed by Jens Axboe
Browse files

io_uring: Fix leaking linked timeouts 



let have a dependant link: REQ -> LINK_TIMEOUT -> LINK_TIMEOUT

1. submission stage: submission references for REQ and LINK_TIMEOUT
are dropped. So, references respectively (1,1,2)

2. io_put(REQ) + FAIL_LINKS stage: calls io_fail_links(), which for all
linked timeouts will call cancel_timeout() and drop 1 reference.
So, references after: (0,0,1). That's a leak.

Make it treat only the first linked timeout as such, and pass others
through __io_double_put_req().

Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent f70193d6

fs/io_uring.c

+1 −0
Original line number Diff line number Diff line
@@ -942,6 +942,7 @@ static void io_fail_links(struct io_kiocb *req) 
		if ((req->flags & REQ_F_LINK_TIMEOUT) &&

		    link->submit.sqe->opcode == IORING_OP_LINK_TIMEOUT) {

			io_link_cancel_timeout(link);

			req->flags &= ~REQ_F_LINK_TIMEOUT;

		} else {

			io_cqring_fill_event(link, -ECANCELED);

			__io_double_put_req(link);

CRA Git | Maintained and supported by SUSTech CRA and CCSE