| From e47498afeca9a0c6d07eeeacc46d563555a3f677 Mon Sep 17 00:00:00 2001 |
| From: Jens Axboe <axboe@kernel.dk> |
| Date: Mon, 6 Dec 2021 10:49:04 -0700 |
| Subject: io-wq: remove spurious bit clear on task_work addition |
| |
| From: Jens Axboe <axboe@kernel.dk> |
| |
| commit e47498afeca9a0c6d07eeeacc46d563555a3f677 upstream. |
| |
| There's a small race here where the task_work could finish and drop |
| the worker itself, so that by the time that task_work_add() returns |
| with a successful addition we've already put the worker. |
| |
| The worker callbacks clear this bit themselves, so we don't actually |
| need to manually clear it in the caller. Get rid of it. |
| |
| Reported-by: syzbot+b60c982cb0efc5e05a47@syzkaller.appspotmail.com |
| Signed-off-by: Jens Axboe <axboe@kernel.dk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/io-wq.c | 4 +--- |
| 1 file changed, 1 insertion(+), 3 deletions(-) |
| |
| --- a/fs/io-wq.c |
| +++ b/fs/io-wq.c |
| @@ -359,10 +359,8 @@ static bool io_queue_worker_create(struc |
| |
| init_task_work(&worker->create_work, func); |
| worker->create_index = acct->index; |
| - if (!task_work_add(wq->task, &worker->create_work, TWA_SIGNAL)) { |
| - clear_bit_unlock(0, &worker->create_state); |
| + if (!task_work_add(wq->task, &worker->create_work, TWA_SIGNAL)) |
| return true; |
| - } |
| clear_bit_unlock(0, &worker->create_state); |
| fail_release: |
| io_worker_release(worker); |
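Review bot: The success branch of `task_work_add()` now returns without touching `worker`, but no comment in the code records that this is deliberate, so a later cleanup could restore the `clear_bit_unlock()` there and again write to a worker whose reference may already have been dropped. Per the commit message, the queued callback can run and put the worker before `task_work_add()` returns, and the callbacks clear `create_state` themselves; neither is visible in this hunk. I would add above `return true;` a comment such as `/* callback owns worker and create_state now; it may already have run and put the worker, so don't touch it here */`. The body of io_queue_worker_create() starts and ends outside the hunk, so the reference taken earlier and the other users of `fail_release` are not reviewed here.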