Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b69f2292 authored by Louis Rilling's avatar Louis Rilling Committed by Jens Axboe
Browse files

block: Fix io_context leak after failure of clone with CLONE_IO 



With CLONE_IO, parent's io_context->nr_tasks is incremented, but never
decremented whenever copy_process() fails afterwards, which prevents
exit_io_context() from calling IO schedulers exit functions.

Give a task_struct to exit_io_context(), and call exit_io_context() instead of
put_io_context() in copy_process() cleanup path.

Signed-off-by: default avatarLouis Rilling <louis.rilling@kerlabs.com>
Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
parent 61cc74fb

block/blk-ioc.c

+5 −5
Original line number Diff line number Diff line
@@ -66,14 +66,14 @@ static void cfq_exit(struct io_context *ioc) 
}



/* Called by the exitting task */

void exit_io_context(void)

void exit_io_context(struct task_struct *task)

{

	struct io_context *ioc;



	task_lock(current);

	ioc = current->io_context;

	current->io_context = NULL;

	task_unlock(current);

	task_lock(task);

	ioc = task->io_context;

	task->io_context = NULL;

	task_unlock(task);



	if (atomic_dec_and_test(&ioc->nr_tasks)) {

		if (ioc->aic && ioc->aic->exit)

include/linux/iocontext.h

+3 −2
Original line number Diff line number Diff line
@@ -98,14 +98,15 @@ static inline struct io_context *ioc_task_link(struct io_context *ioc) 
	return NULL;

}



struct task_struct;

#ifdef CONFIG_BLOCK

int put_io_context(struct io_context *ioc);

void exit_io_context(void);

void exit_io_context(struct task_struct *task);

struct io_context *get_io_context(gfp_t gfp_flags, int node);

struct io_context *alloc_io_context(gfp_t gfp_flags, int node);

void copy_io_context(struct io_context **pdst, struct io_context **psrc);

#else

static inline void exit_io_context(void)

static inline void exit_io_context(struct task_struct *task)

{

}

kernel/exit.c

+1 −1
Original line number Diff line number Diff line
@@ -1004,7 +1004,7 @@ NORET_TYPE void do_exit(long code) 
	tsk->flags |= PF_EXITPIDONE;



	if (tsk->io_context)

		exit_io_context();

		exit_io_context(tsk);



	if (tsk->splice_pipe)

		__free_pipe_info(tsk->splice_pipe);

kernel/fork.c

+2 −1
Original line number Diff line number Diff line
@@ -1310,7 +1310,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, 
	if (pid != &init_struct_pid)

		free_pid(pid);

bad_fork_cleanup_io:

	put_io_context(p->io_context);

	if (p->io_context)

		exit_io_context(p);

bad_fork_cleanup_namespaces:

	exit_task_namespaces(p);

bad_fork_cleanup_mm: