io_uring: ensure io-wq context is always destroyed for tasks

If the task ends up doing no IO, the context list is empty and we don't
call into __io_uring_files_cancel() when the task exits. This can cause
a leak of the io-wq structures.

Ensure we always call __io_uring_files_cancel(), even if the task
context list is empty.

Fixes: 5aa75ed5b93f ("io_uring: tie async worker side to the task context")
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index e62ad6b..0a435a6 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8800,9 +8800,10 @@ void __io_uring_files_cancel(struct files_struct *files)
 
        if (files) {
                io_uring_remove_task_files(tctx);
-       } else if (tctx->io_wq && current->flags & PF_EXITING) {
-               io_wq_destroy(tctx->io_wq);
-               tctx->io_wq = NULL;
+               if (tctx->io_wq) {
+                       io_wq_destroy(tctx->io_wq);
+                       tctx->io_wq = NULL;
+               }
        }
 }
 

diff --git a/include/linux/io_uring.h b/include/linux/io_uring.h
index c48fcbd..51ede77 100644 (file)
--- a/include/linux/io_uring.h
+++ b/include/linux/io_uring.h
@@ -43,7 +43,7 @@ static inline void io_uring_task_cancel(void)
 }
 static inline void io_uring_files_cancel(struct files_struct *files)
 {
-       if (current->io_uring && !xa_empty(&current->io_uring->xa))
+       if (current->io_uring)
                __io_uring_files_cancel(files);
 }
 static inline void io_uring_free(struct task_struct *tsk)