Commit 2a539f2e authored Feb 28, 2023 by Pavel Begunkov Committed by Jialin Zhang Feb 28, 2023

io_uring: correct pinned_vm accounting

stable inclusion
from stable-v5.10.150
commit 67cbc8865a66533fa08c1c13fe9acbaaae63c403
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6BTWC
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.168&id=67cbc8865a66533fa08c1c13fe9acbaaae63c403



--------------------------------

[ upstream commit 42b6419d ]

->mm_account should be released only after we free all registered
buffers, otherwise __io_sqe_buffers_unregister() will see a NULL
->mm_account and skip locked_vm accounting.

Cc: <Stable@vger.kernel.org>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/6d798f65ed4ab8db3664c4d3397d4af16ca98846.1664849932.git.asml.silence@gmail.com


Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Wang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parent 2d57ade4

fs/io_uring.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -8475,8 +8475,6 @@ static void io_ring_ctx_free(struct io_ring_ctx *ctx)
		if (ctx->sqo_task) {
		put_task_struct(ctx->sqo_task);
		ctx->sqo_task = NULL;
		mmdrop(ctx->mm_account);
		ctx->mm_account = NULL;
		}

		#ifdef CONFIG_BLK_CGROUP
		@@ -8497,6 +8495,11 @@ static void io_ring_ctx_free(struct io_ring_ctx *ctx)
		}
		#endif

		if (ctx->mm_account) {
		mmdrop(ctx->mm_account);
		ctx->mm_account = NULL;
		}

		io_mem_free(ctx->rings);
		io_mem_free(ctx->sq_sqes);