• P
    io_uring: fix current->mm NULL dereference on exit · d60b5fbc
    Pavel Begunkov 提交于
    Don't reissue requests from io_iopoll_reap_events(), the task may not
    have mm, which ends up with NULL. It's better to kill everything off on
    exit anyway.
    
    [  677.734670] RIP: 0010:io_iopoll_complete+0x27e/0x630
    ...
    [  677.734679] Call Trace:
    [  677.734695]  ? __send_signal+0x1f2/0x420
    [  677.734698]  ? _raw_spin_unlock_irqrestore+0x24/0x40
    [  677.734699]  ? send_signal+0xf5/0x140
    [  677.734700]  io_iopoll_getevents+0x12f/0x1a0
    [  677.734702]  io_iopoll_reap_events.part.0+0x5e/0xa0
    [  677.734703]  io_ring_ctx_wait_and_kill+0x132/0x1c0
    [  677.734704]  io_uring_release+0x20/0x30
    [  677.734706]  __fput+0xcd/0x230
    [  677.734707]  ____fput+0xe/0x10
    [  677.734709]  task_work_run+0x67/0xa0
    [  677.734710]  do_exit+0x35d/0xb70
    [  677.734712]  do_group_exit+0x43/0xa0
    [  677.734713]  get_signal+0x140/0x900
    [  677.734715]  do_signal+0x37/0x780
    [  677.734717]  ? enqueue_hrtimer+0x41/0xb0
    [  677.734718]  ? recalibrate_cpu_khz+0x10/0x10
    [  677.734720]  ? ktime_get+0x3e/0xa0
    [  677.734721]  ? lapic_next_deadline+0x26/0x30
    [  677.734723]  ? tick_program_event+0x4d/0x90
    [  677.734724]  ? __hrtimer_get_next_event+0x4d/0x80
    [  677.734726]  __prepare_exit_to_usermode+0x126/0x1c0
    [  677.734741]  prepare_exit_to_usermode+0x9/0x40
    [  677.734742]  idtentry_exit_cond_rcu+0x4c/0x60
    [  677.734743]  sysvec_reschedule_ipi+0x92/0x160
    [  677.734744]  ? asm_sysvec_reschedule_ipi+0xa/0x20
    [  677.734745]  asm_sysvec_reschedule_ipi+0x12/0x20
    Signed-off-by: NPavel Begunkov <asml.silence@gmail.com>
    Signed-off-by: NJens Axboe <axboe@kernel.dk>
    d60b5fbc
io_uring.c 193.8 KB