• J
    io_uring: prune request from overflow list on flush · 2ca10259
    Jens Axboe 提交于
    Carter reported an issue where he could produce a stall on ring exit,
    when we're cleaning up requests that match the given file table. For
    this particular test case, a combination of a few things caused the
    issue:
    
    - The cq ring was overflown
    - The request being canceled was in the overflow list
    
    The combination of the above means that the cq overflow list holds a
    reference to the request. The request is canceled correctly, but since
    the overflow list holds a reference to it, the final put won't happen.
    Since the final put doesn't happen, the request remains in the inflight.
    Hence we never finish the cancelation flush.
    
    Fix this by removing requests from the overflow list if we're canceling
    them.
    
    Cc: stable@vger.kernel.org # 5.5
    Reported-by: NCarter Li 李通洲 <carter.li@eoitek.com>
    Signed-off-by: NJens Axboe <axboe@kernel.dk>
    2ca10259
io_uring.c 169.1 KB