mirror of https://github.com/torvalds/linux.git
c5c5eb24ed
When running test_stress_04.sh, the following warning is triggered: WARNING: CPU: 1 PID: 135 at drivers/block/ublk_drv.c:1933 ublk_ch_release+0x423/0x4b0 [ublk_drv] This happens when the daemon is abruptly killed: - some references may still be held, because registering IO buffer doesn't grab ublk char device reference OR - io->task_registered_buffers won't be cleared because io buffer is released from non-daemon context For zero-copy and auto buffer register modes, I/O reference crosses syscalls, so IO reference may not be dropped naturally when ublk server is killed abruptly. However, when releasing io_uring context, it is guaranteed that the reference is dropped finally, see io_sqe_buffers_unregister() from io_ring_ctx_free(). Fix this by adding ublk_drain_io_references() that: - Waits for active I/O references dropped in async way by scheduling work function, for avoiding ublk dev and io_uring file's release dependency - Reinitializes io->ref and io->task_registered_buffers to clean state This ensures the reference count state is clean when ublk_queue_reinit() is called, preventing the warning and potential use-after-free. Fixes: |
||
|---|---|---|
| .. | ||
| aoe | ||
| drbd | ||
| mtip32xx | ||
| null_blk | ||
| rnbd | ||
| xen-blkback | ||
| zram | ||
| Kconfig | ||
| Makefile | ||
| amiflop.c | ||
| ataflop.c | ||
| brd.c | ||
| floppy.c | ||
| loop.c | ||
| n64cart.c | ||
| nbd.c | ||
| ps3disk.c | ||
| ps3vram.c | ||
| rbd.c | ||
| rbd_types.h | ||
| rnull.rs | ||
| sunvdc.c | ||
| swim.c | ||
| swim3.c | ||
| swim_asm.S | ||
| ublk_drv.c | ||
| virtio_blk.c | ||
| xen-blkfront.c | ||
| z2ram.c | ||
| zloop.c | ||