mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-09-04 20:19:47 +08:00
![]() When running test_stress_04.sh, the following warning is triggered: WARNING: CPU: 1 PID: 135 at drivers/block/ublk_drv.c:1933 ublk_ch_release+0x423/0x4b0 [ublk_drv] This happens when the daemon is abruptly killed: - some references may still be held, because registering IO buffer doesn't grab ublk char device reference OR - io->task_registered_buffers won't be cleared because io buffer is released from non-daemon context For zero-copy and auto buffer register modes, I/O reference crosses syscalls, so IO reference may not be dropped naturally when ublk server is killed abruptly. However, when releasing io_uring context, it is guaranteed that the reference is dropped finally, see io_sqe_buffers_unregister() from io_ring_ctx_free(). Fix this by adding ublk_drain_io_references() that: - Waits for active I/O references dropped in async way by scheduling work function, for avoiding ublk dev and io_uring file's release dependency - Reinitializes io->ref and io->task_registered_buffers to clean state This ensures the reference count state is clean when ublk_queue_reinit() is called, preventing the warning and potential use-after-free. Fixes: |
||
---|---|---|
.. | ||
aoe | ||
drbd | ||
mtip32xx | ||
null_blk | ||
rnbd | ||
xen-blkback | ||
zram | ||
amiflop.c | ||
ataflop.c | ||
brd.c | ||
floppy.c | ||
Kconfig | ||
loop.c | ||
Makefile | ||
n64cart.c | ||
nbd.c | ||
ps3disk.c | ||
ps3vram.c | ||
rbd_types.h | ||
rbd.c | ||
rnull.rs | ||
sunvdc.c | ||
swim3.c | ||
swim_asm.S | ||
swim.c | ||
ublk_drv.c | ||
virtio_blk.c | ||
xen-blkfront.c | ||
z2ram.c | ||
zloop.c |