Commit f024d3a8 authored by Jens Axboe's avatar Jens Axboe

io_uring/fdinfo: annotate racy sq/cq head/tail reads

syzbot complains about the cached sq head read, and it's totally right.
But we don't need to care: it's just reading fdinfo, and reading the
CQ or SQ tail/head entries is known to be racy, in that they are just a
view into that very instant and may of course be outdated by the time
they are reported.

Annotate both the SQ head and CQ tail read with data_race() to avoid
this syzbot complaint.

Link: https://lore.kernel.org/io-uring/6811f6dc.050a0220.39e3a1.0d0e.GAE@google.com/


Reported-by: default avatar <syzbot+3e77fd302e99f5af9394@syzkaller.appspotmail.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent edd43f4d
+2 −2
@@ -123,11 +123,11 @@ __cold void io_uring_show_fdinfo(struct seq_file *m, struct file *file)
	seq_printf(m, "SqMask:\t0x%x\n", sq_mask);
	seq_printf(m, "SqHead:\t%u\n", sq_head);
	seq_printf(m, "SqTail:\t%u\n", sq_tail);
	seq_printf(m, "CachedSqHead:\t%u\n", ctx->cached_sq_head);
	seq_printf(m, "CachedSqHead:\t%u\n", data_race(ctx->cached_sq_head));
	seq_printf(m, "CqMask:\t0x%x\n", cq_mask);
	seq_printf(m, "CqHead:\t%u\n", cq_head);
	seq_printf(m, "CqTail:\t%u\n", cq_tail);
	seq_printf(m, "CachedCqTail:\t%u\n", ctx->cached_cq_tail);
	seq_printf(m, "CachedCqTail:\t%u\n", data_race(ctx->cached_cq_tail));
	seq_printf(m, "SQEs:\t%u\n", sq_tail - sq_head);
	sq_entries = min(sq_tail - sq_head, ctx->sq_entries);
	for (i = 0; i < sq_entries; i++) {
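Review bot: The two data_race() annotations on the CachedSqHead and CachedCqTail lines have no comment saying why the race is acceptable, so a later reader must dig up the commit message to learn that these are report-only snapshots. I would add above the first one `/* fdinfo is a racy snapshot; cached head/tail are only printed, never used as bounds */`. In the visible lines that holds: the loop bound comes from the sq_head/sq_tail locals and is clamped with ctx->sq_entries. data_race() only marks the access as intentional for KCSAN and does not constrain the compiler the way READ_ONCE() does, so a later change that uses either cached value for indexing should switch to READ_ONCE() plus a clamp. io_uring_show_fdinfo continues outside the hunk, so uses further down are not checked here.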