Jens Axboe adeaa3f290 io_uring/io-wq: clear current->worker_private on exit ... A recent fix stopped clearing PF_IO_WORKER from current->flags on exit, which meant that we can now call inc/dec running on the worker after it has been removed if it ends up scheduling in/out as part of exit. If this happens after an RCU grace period has passed, then the struct pointed to by current->worker_private may have been freed, and we can now be accessing memory that is freed. Ensure this doesn't happen by clearing the task worker_private field. Both io_wq_worker_running() and io_wq_worker_sleeping() check this field before going any further, and we don't need any accounting etc done after this worker has exited. Fixes: fd37b88400 ("io_uring/io-wq: don't clear PF_IO_WORKER on exit") Reported-by: Zorro Lang <zlang@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>		2023-06-14 12:54:55 -06:00
..
advise.c
advise.h
alloc_cache.h
cancel.c
cancel.h
epoll.c	io_uring: undeprecate epoll_ctl support	2023-05-26 20:22:41 -06:00
epoll.h
fdinfo.c
fdinfo.h
filetable.c
filetable.h
fs.c
fs.h
io_uring.c
io_uring.h
io-wq.c	io_uring/io-wq: clear current->worker_private on exit	2023-06-14 12:54:55 -06:00
io-wq.h
kbuf.c
kbuf.h
Makefile
msg_ring.c
msg_ring.h
net.c	io_uring/net: save msghdr->msg_control for retries	2023-06-13 19:26:42 -06:00
net.h
nop.c
nop.h
notif.c
notif.h
opdef.c
opdef.h
openclose.c
openclose.h
poll.c
poll.h
refs.h
rsrc.c
rsrc.h
rw.c
rw.h
slist.h
splice.c
splice.h
sqpoll.c
sqpoll.h
statx.c
statx.h
sync.c
sync.h
tctx.c
tctx.h
timeout.c
timeout.h
uring_cmd.c
uring_cmd.h
xattr.c
xattr.h