From ebb11a131c7d3183faba5df9e96f7b5e72f91685 Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Thu, 15 Apr 2021 17:33:44 +0800 Subject: [PATCH] io_uring: io_fail_links() should only consider first linked timeout mainline inclusion from mainline-5.5-rc1 commit 5d960724b0cb0d12469d1c62912e4a8c09c9fd92 category: feature bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27 CVE: NA --------------------------- We currently clear the linked timeout field if we cancel such a timeout, but we should only attempt to cancel if it's the first one we see. Others should simply be freed like other requests, as they haven't been started yet. Signed-off-by: Jens Axboe Signed-off-by: Zhihao Cheng Signed-off-by: yangerkun Reviewed-by: zhangyi (F) Signed-off-by: Cheng Jian --- fs/io_uring.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 94ee48d6cdf7..b05bdd5d523e 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -941,12 +941,12 @@ static void io_fail_links(struct io_kiocb *req) if ((req->flags & REQ_F_LINK_TIMEOUT) && link->submit.sqe->opcode == IORING_OP_LINK_TIMEOUT) { io_link_cancel_timeout(link); - req->flags &= ~REQ_F_LINK_TIMEOUT; } else { io_cqring_fill_event(link, -ECANCELED); __io_double_put_req(link); } kfree(sqe_to_free); + req->flags &= ~REQ_F_LINK_TIMEOUT; } io_commit_cqring(ctx); @@ -2836,9 +2836,10 @@ static enum hrtimer_restart io_link_timeout_fn(struct hrtimer *timer) */ if (!list_empty(&req->list)) { prev = list_entry(req->list.prev, struct io_kiocb, link_list); - if (refcount_inc_not_zero(&prev->refs)) + if (refcount_inc_not_zero(&prev->refs)) { list_del_init(&req->list); - else + prev->flags &= ~REQ_F_LINK_TIMEOUT; + } else prev = NULL; } -- GitLab