From: Pavel Begunkov asml.silence@gmail.com
mainline inclusion from mainline-5.6-rc1 commit b14cca0c84c760fbd39ad6bb7e1181e2df103d25 category: feature bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27 CVE: NA ---------------------------
req->ring_fd and req->ring_file are used only during the prep stage during submission, which is is protected by mutex. There is no need to store them per-request, place them in ctx.
Signed-off-by: Pavel Begunkov asml.silence@gmail.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: yangerkun yangerkun@huawei.com Reviewed-by: zhangyi (F) yi.zhang@huawei.com Signed-off-by: Cheng Jian cj.chengjian@huawei.com --- fs/io_uring.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c index cca10716ed34..40cbb76ed770 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -251,6 +251,8 @@ struct io_ring_ctx { */ struct fixed_file_data *file_data; unsigned nr_user_files; + int ring_fd; + struct file *ring_file;
/* if used, fixed mapped user buffers */ unsigned nr_user_bufs; @@ -476,15 +478,10 @@ struct io_kiocb { };
struct io_async_ctx *io; - union { - /* - * ring_file is only used in the submission path, and - * llist_node is only used for poll deferred completions - */ - struct file *ring_file; - struct llist_node llist_node; - }; - int ring_fd; + /* + * llist_node is only used for poll deferred completions + */ + struct llist_node llist_node; bool has_user; bool in_async; bool needs_fixed_file; @@ -1136,7 +1133,6 @@ static struct io_kiocb *io_get_req(struct io_ring_ctx *ctx,
got_it: req->io = NULL; - req->ring_file = NULL; req->file = NULL; req->ctx = ctx; req->flags = 0; @@ -2677,7 +2673,7 @@ static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
req->close.fd = READ_ONCE(sqe->fd); if (req->file->f_op == &io_uring_fops || - req->close.fd == req->ring_fd) + req->close.fd == req->ctx->ring_fd) return -EBADF;
return 0; @@ -4336,7 +4332,7 @@ static int io_grab_files(struct io_kiocb *req) int ret = -EBADF; struct io_ring_ctx *ctx = req->ctx;
- if (!req->ring_file) + if (!ctx->ring_file) return -EBADF;
rcu_read_lock(); @@ -4347,7 +4343,7 @@ static int io_grab_files(struct io_kiocb *req) * the fd has changed since we started down this path, and disallow * this operation if it has. */ - if (fcheck(req->ring_fd) == req->ring_file) { + if (fcheck(ctx->ring_fd) == ctx->ring_file) { list_add(&req->inflight_entry, &ctx->inflight_list); req->flags |= REQ_F_INFLIGHT; req->work.files = current->files; @@ -4719,6 +4715,9 @@ static int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr, statep = &state; }
+ ctx->ring_fd = ring_fd; + ctx->ring_file = ring_file; + for (i = 0; i < nr; i++) { const struct io_uring_sqe *sqe; struct io_kiocb *req; @@ -4751,8 +4750,6 @@ static int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr, } }
- req->ring_file = ring_file; - req->ring_fd = ring_fd; req->has_user = *mm != NULL; req->in_async = async; req->needs_fixed_file = async;