linux-stable/io_uring
Dylan Yudaken ef5c600adb io_uring: always prep_async for drain requests
Drain requests all go through io_drain_req, which has a quick exit in case
there is nothing pending (ie the drain is not useful). In that case it can
run the issue the request immediately.

However for safety it queues it through task work.
The problem is that in this case the request is run asynchronously, but
the async work has not been prepared through io_req_prep_async.

This has not been a problem up to now, as the task work always would run
before returning to userspace, and so the user would not have a chance to
race with it.

However - with IORING_SETUP_DEFER_TASKRUN - this is no longer the case and
the work might be defered, giving userspace a chance to change data being
referred to in the request.

Instead _always_ prep_async for drain requests, which is simpler anyway
and removes this issue.

Cc: stable@vger.kernel.org
Fixes: c0e0d6ba25 ("io_uring: add IORING_SETUP_DEFER_TASKRUN")
Signed-off-by: Dylan Yudaken <dylany@meta.com>
Link: https://lore.kernel.org/r/20230127105911.2420061-1-dylany@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-01-27 06:29:29 -07:00
..
advise.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
advise.h io_uring: split out fadvise/madvise operations 2022-07-24 18:39:11 -06:00
alloc_cache.h io_uring: impose max limit on apoll cache 2022-07-24 18:39:17 -06:00
cancel.c io_uring/cancel: re-grab ctx mutex after finishing wait 2022-12-21 13:31:40 -07:00
cancel.h io_uring: add sync cancelation API through io_uring_register() 2022-07-24 18:39:15 -06:00
epoll.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
epoll.h io_uring: move epoll handler to its own file 2022-07-24 18:39:11 -06:00
fdinfo.c io_uring/fdinfo: include locked hash table in fdinfo output 2023-01-10 10:24:52 -07:00
fdinfo.h io_uring: move fdinfo helpers to its own file 2022-07-24 18:39:12 -06:00
filetable.c io_uring/filetable: fix file reference underflow 2022-11-25 06:54:46 -07:00
filetable.h io_uring: kill hot path fixed file bitmap debug checks 2022-10-16 17:07:53 -06:00
fs.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
fs.h io_uring: split out filesystem related operations 2022-07-24 18:39:11 -06:00
io_uring.c io_uring: always prep_async for drain requests 2023-01-27 06:29:29 -07:00
io_uring.h io_uring: lockdep annotate CQ locking 2023-01-03 19:05:41 -07:00
io-wq.c io_uring/io-wq: only free worker if it was allocated for creation 2023-01-08 10:39:17 -07:00
io-wq.h io_uring: move list helpers to a separate file 2022-07-24 18:39:15 -06:00
kbuf.c io_uring: don't use complete_post in kbuf 2022-11-25 06:11:15 -07:00
kbuf.h io_uring: allow buffer recycling in READV 2022-09-21 10:30:43 -06:00
Makefile io_uring: add zc notification infrastructure 2022-07-24 18:41:06 -06:00
msg_ring.c io_uring/msg_ring: fix remote queue to disabled ring 2023-01-20 09:49:34 -07:00
msg_ring.h io_uring: get rid of double locking 2022-12-07 06:47:13 -07:00
net.c io_uring/net: cache provided buffer group value for multishot receives 2023-01-23 07:08:08 -07:00
net.h io_uring/net: zerocopy sendmsg 2022-09-21 13:15:02 -06:00
nop.c io_uring: kill extra io_uring_types.h includes 2022-07-24 18:39:14 -06:00
nop.h io_uring: move nop into its own file 2022-07-24 18:39:11 -06:00
notif.c io_uring/net: move mm accounting to a slower path 2022-11-21 07:38:31 -07:00
notif.h io_uring: move zc reporting from the hot path 2022-11-21 07:38:31 -07:00
opdef.c io_uring: get rid of double locking 2022-12-07 06:47:13 -07:00
opdef.h io_uring: dont remove file from msg_ring reqs 2022-12-07 06:47:13 -07:00
openclose.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
openclose.h io_uring: split out fixed file installation and removal 2022-07-24 18:39:16 -06:00
poll.c io_uring/poll: don't reissue in case of poll race on multishot request 2023-01-20 15:11:54 -07:00
poll.h io_uring: add abstraction around apoll cache 2022-07-24 18:39:17 -06:00
refs.h io_uring: make io_uring_types.h public 2022-07-24 18:39:14 -06:00
rsrc.c io_uring: use tw for putting rsrc 2022-12-07 06:47:13 -07:00
rsrc.h io_uring: use tw for putting rsrc 2022-12-07 06:47:13 -07:00
rw.c io_uring: lock overflowing for IOPOLL 2023-01-13 07:32:46 -07:00
rw.h io_uring/rw: don't lose partial IO result on fail 2022-09-21 13:15:02 -06:00
slist.h io_uring: move list helpers to a separate file 2022-07-24 18:39:15 -06:00
splice.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
splice.h io_uring: split out splice related operations 2022-07-24 18:39:11 -06:00
sqpoll.c audit, io_uring, io-wq: Fix memory leak in io_sq_thread() and io_wqe_worker() 2022-08-04 08:33:54 -06:00
sqpoll.h io_uring: move SQPOLL related handling into its own file 2022-07-24 18:39:12 -06:00
statx.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
statx.h io_uring: move statx handling to its own file 2022-07-24 18:39:11 -06:00
sync.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
sync.h io_uring: split out fs related sync/fallocate functions 2022-07-24 18:39:11 -06:00
tctx.c io_uring: remove io_register_submitter 2022-10-07 12:25:30 -06:00
tctx.h io_uring: simplify __io_uring_add_tctx_node 2022-10-07 12:25:30 -06:00
timeout.c io_uring: ease timeout flush locking requirements 2022-12-14 08:53:35 -07:00
timeout.h io_uring: remove unused return from io_disarm_next 2022-09-21 13:15:01 -06:00
uring_cmd.c io_uring: iopoll protect complete_post 2022-11-23 10:45:31 -07:00
uring_cmd.h io_uring: move uring_cmd handling to its own file 2022-07-24 18:39:11 -06:00
xattr.c acl: conver higher-level helpers to rely on mnt_idmap 2022-10-31 17:48:12 +01:00
xattr.h io_uring: move xattr related opcodes to its own file 2022-07-24 18:39:11 -06:00