io_uring/io-wq: fix `max_workers` breakage and `nr_workers` underflow

Commit 88e6c42e40de ("io_uring/io-wq: add check free worker before
create new worker") reused the variable `do_create` for something
else, abusing it for the free worker check.

This caused the value to effectively always be `true` at the time
`nr_workers < max_workers` was checked, but it should really be
`false`.  This means the `max_workers` setting was ignored, and worse:
if the limit had already been reached, incrementing `nr_workers` was
skipped even though another worker would be created.

When later lots of workers exit, the `nr_workers` field could easily
underflow, making the problem worse because more and more workers
would be created without incrementing `nr_workers`.

The simple solution is to use a different variable for the free worker
check instead of using one variable for two different things.

Cc: stable@vger.kernel.org
Fixes: 88e6c42e40de ("io_uring/io-wq: add check free worker before create new worker")
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Reviewed-by: Fengnan Chang <changfengnan@bytedance.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/io-wq.c b/io_uring/io-wq.c
index 17dfaa0395c46ba459b787d57c7fd10c4572e3d4..1d03b2fc4b25947e3b4c58dcfa7a31be7fa603f7 100644 (file)
--- a/io_uring/io-wq.c
+++ b/io_uring/io-wq.c
@@ -352,16 +352,16 @@ static void create_worker_cb(struct callback_head *cb)
        struct io_wq *wq;
 
        struct io_wq_acct *acct;
-       bool do_create = false;
+       bool activated_free_worker, do_create = false;
 
        worker = container_of(cb, struct io_worker, create_work);
        wq = worker->wq;
        acct = worker->acct;
 
        rcu_read_lock();
-       do_create = !io_acct_activate_free_worker(acct);
+       activated_free_worker = io_acct_activate_free_worker(acct);
        rcu_read_unlock();
-       if (!do_create)
+       if (activated_free_worker)
                goto no_need_create;
 
        raw_spin_lock(&acct->workers_lock);