io_uring: fix counter inc/dec mismatch in async_list

commit f7b76ac9d1 upstream. We could queue a work for each req in defer and link list without increasing async_list->cnt, so we shouldn't decrease it while exiting from workqueue as well if we didn't process the req in async list. Thanks to Jens Axboe <axboe@kernel.dk> for his guidance. Fixes: 31b5151064 ("io_uring: allow workqueue item to handle multiple buffered requests") Signed-off-by: Zhengyuan Liu <liuzhengyuan@kylinos.cn> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-12-06 01:49:46 +00:00 · 2019-07-16 23:26:14 +08:00
parent 119be19fa6
commit 4686e13461
1 changed files with 8 additions and 0 deletions
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -331,6 +331,9 @@ struct io_kiocb {
 #define REQ_F_SEQ_PREV		8	/* sequential with previous */
 #define REQ_F_IO_DRAIN		16	/* drain existing IO first */
 #define REQ_F_IO_DRAINED	32	/* drain done */
+#define REQ_F_LINK		64	/* linked sqes */
+#define REQ_F_LINK_DONE		128	/* linked sqes done */
+#define REQ_F_FAIL_LINK		256	/* fail rest of links */
 	u64			user_data;
 	u32			error;	/* iopoll result from callback */
 	u32			sequence;
@@ -1698,6 +1701,10 @@ restart:
 		/* async context always use a copy of the sqe */
 		kfree(sqe);

+		/* req from defer and link list needn't decrease async cnt */
+		if (req->flags & (REQ_F_IO_DRAINED | REQ_F_LINK_DONE))
+			goto out;
+
 		if (!async_list)
 			break;
 		if (!list_empty(&req_list)) {
@@ -1745,6 +1752,7 @@ restart:
 		}
 	}

+out:
 	if (cur_mm) {
 		set_fs(old_fs);
 		unuse_mm(cur_mm);