
blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init#827

Open
blktests-ci[bot] wants to merge 11 commits into for-next_base from series/1094012=>for-next

Conversation


@blktests-ci blktests-ci Bot commented May 13, 2026

Pull request for series with
subject: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init
version: 1
url: https://patchwork.kernel.org/project/linux-block/list/?series=1094017

axboe and others added 11 commits April 25, 2026 08:13

No functional changes in this patch.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

One of the nastier things about epoll is how it allows adding epoll
files to epoll contexts. This leads to all sorts of loop detection
code, and has been a source of issues in the past.

Arguably adding IORING_EPOLL_CTL is a historical mistake on the
io_uring side, but we're kind of stuck with it now as it does seem
to be in use according to code searches. But we can at least minimize
the damage a bit and just disallow this part of epoll, where nesting
issues can arise.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

* io_uring-7.1:
  io_uring/tw: serialize ctx->retry_llist with ->uring_lock
  io_uring/napi: cap busy_poll_to 10 msec
  io_uring/kbuf: support min length left for incremental buffers
  io_uring/kbuf: kill dead struct io_buffer_list 'nr_entries' member

In preparation for supporting bigger individual buffers, bump the length
field to a full 8 bytes with size_t rather than an unsigned int.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

Track huge page references in a per-ring xarray to prevent double
accounting when the same huge page is used by multiple registered
buffers, either within the same ring or across cloned rings.

When registering buffers backed by huge pages, we need to account for
RLIMIT_MEMLOCK. But if multiple buffers share the same huge page (common
with cloned buffers), we must not account for the same page multiple
times. Similarly, we must only unaccount when the last reference to a
huge page is released.

Maintain a per-ring xarray (hpage_acct) that tracks reference counts for
each huge page. When registering a buffer, for each unique huge page,
increment its accounting reference count, and only account pages that
are newly added.

When unregistering a buffer, for each unique huge page, decrement its
refcount. Once the refcount hits zero, the page is unaccounted.

Note: any accounting is done against the ctx->user that was assigned when
the ring was set up. As before, if root is running the operation, no
accounting is done.

With these changes, any use of imu->acct_pages is also dead, hence kill
it from struct io_mapped_ubuf. This shrinks it from 56b to 48b on a
64-bit arch. Additionally, hpage_already_acct() is gone, which was an
O(M*M) scan over current + previous registrations.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

There's no real reason to have a limit, as the memory is accounted by
the lockmem limits anyway, if any exist. io_pin_pages() will still
restrict the maximum allowed limit per buffer, which is INT_MAX
number of pages. Cap it a bit lower than that, at 1TB for a 64-bit
system. Surely that should be enough for everyone. For now.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

* for-7.2/block:
  drbd: replace genl_magic with explicit netlink serialization
  drbd: move UAPI headers to include/uapi/linux/
* epoll-cleanups:
  io_uring/epoll: disallow adding an epoll file to an epoll context
  io_uring/epoll: switch to using do_epoll_ctl_file() interface
  eventpoll: add file based control interface
  eventpoll: export is_file_epoll()
  eventpoll: pass struct epoll_filefd through ep_find() and ep_insert()
* io_uring-user-acct.v2:
  io_uring/rsrc: add huge page accounting for registered buffers
* io_uring-reg-buffers:
  io_uring/rsrc: raise registered buffer 1GB limit
  io_uring/rsrc: bump struct io_mapped_ubuf length field to size_t

Signed-off-by: Jens Axboe <axboe@kernel.dk>
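The per-ring huge page refcounting that the "io_uring/rsrc: add huge page accounting" commit message describes, as an added userspace model (not the kernel's code): a fixed-size table stands in for the xarray, huge page ids and the pages-per-huge-page value are constructed samples, and each buffer is assumed to pass its huge page ids already deduplicated. It shows why a shared huge page is charged to the lock limit once and uncharged only when the last registration referencing it goes away.

```c
/* Added example modelling hpage_acct: charge a huge page to the
 * RLIMIT_MEMLOCK counter on its first reference, release it on the last. */
#include <stdio.h>
#include <string.h>

#define MAX_HPAGES 64

struct ring_acct {
    unsigned long hpage[MAX_HPAGES];  /* huge page id (constructed, e.g. pfn) */
    unsigned int  refs[MAX_HPAGES];   /* registrations referencing the page */
    unsigned long locked_pages;       /* pages currently charged to the user */
};

/* Find the slot for hp; with insert set, claim a free slot (refs == 0). */
static int find_slot(struct ring_acct *r, unsigned long hp, int insert)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_HPAGES; i++) {
        if (r->refs[i] && r->hpage[i] == hp)
            return i;
        if (!r->refs[i] && free_slot < 0)
            free_slot = i;
    }
    if (!insert || free_slot < 0)
        return -1;
    r->hpage[free_slot] = hp;
    return free_slot;
}

/* Register a buffer spanning n unique huge pages. Returns the number of
 * small pages newly charged; pages already referenced cost nothing. */
static long reg_buffer(struct ring_acct *r, const unsigned long *hps, int n,
                       unsigned long pages_per_hpage)
{
    long newly = 0;
    for (int i = 0; i < n; i++) {
        int s = find_slot(r, hps[i], 1);
        if (s < 0)
            return -1;                 /* table full: refuse registration */
        if (r->refs[s]++ == 0)
            newly += pages_per_hpage;  /* first reference: charge it */
    }
    r->locked_pages += newly;
    return newly;
}

/* Drop one reference per huge page; uncharge only when the last one goes.
 * Returns pages uncharged, or -1 if a page was never registered (a bug). */
static long unreg_buffer(struct ring_acct *r, const unsigned long *hps, int n,
                         unsigned long pages_per_hpage)
{
    long freed = 0;
    for (int i = 0; i < n; i++) {
        int s = find_slot(r, hps[i], 0);
        if (s < 0)
            return -1;
        if (--r->refs[s] == 0)
            freed += pages_per_hpage;
    }
    r->locked_pages -= freed;
    return freed;
}
```

Two buffers that overlap on one huge page are charged for three distinct huge pages in total, not four, and the shared page is released only after both registrations are gone.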

blktests-ci Bot commented May 13, 2026

Upstream branch: 31fea07
series: https://patchwork.kernel.org/project/linux-block/list/?series=1094017
version: 1

Pull request is NOT updated. Failed to apply https://patchwork.kernel.org/project/linux-block/list/?series=1094017
error message:

Cmd('git') failed due to: exit code(128)
  cmdline: git am --3way
  stdout: 'Applying: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init
Patch failed at 0001 blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".'
  stderr: 'error: sha1 information is lacking or useless (block/blk-cgroup.c).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch'

conflict:

