io_uring: don't miscount pinned memory

io_sqe_buffer_unregister() uses cxt->sqo_mm for memory accounting, but
io_ring_ctx_free() drops ->sqo_mm before leaving pinned_vm
over-accounted. Postpone mm cleanup for when it's not needed anymore.

Fixes: 309758254ea62 ("io_uring: report pinned memory usage")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 6e5ea7991c081308c98a7ce3328e875c451972d4..ba7ce103667b5dfdb3b5feb5b409e229770b4674 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7670,12 +7670,12 @@ static void io_destroy_buffers(struct io_ring_ctx *ctx)
 static void io_ring_ctx_free(struct io_ring_ctx *ctx)
 {
        io_finish_async(ctx);
+       io_sqe_buffer_unregister(ctx);
        if (ctx->sqo_mm) {
                mmdrop(ctx->sqo_mm);
                ctx->sqo_mm = NULL;
        }
 
-       io_sqe_buffer_unregister(ctx);
        io_sqe_files_unregister(ctx);
        io_eventfd_unregister(ctx);
        io_destroy_buffers(ctx);