    [PATCH] aio: remove unlocked task_list test and resulting race · 897f15fb
    Zach Brown authored
    Only one of the run or kick path is supposed to put an iocb on the run
    list.  If both of them do it then one of them can end up referencing a
    freed iocb.  The kick path could delete the task_list item from the wait
    queue before getting the ctx_lock and putting the iocb on the run list.
    The run path was testing the task_list item outside the lock so that it
    could catch ki_retry methods that return -EIOCBRETRY *without* putting the
    iocb on a wait queue and promising to call kick_iocb.  This unlocked check
    could then race with the kick path to cause both to try and put the iocb on
    the run list.
    
    The patch stops the run path from testing task_list by requiring that any
    ki_retry that returns -EIOCBRETRY *must* guarantee that kick_iocb() will be
    called in the future.  aio_p{read,write}, the only in-tree -EIOCBRETRY
    users, are updated.
    Signed-off-by: Zach Brown <zach.brown@oracle.com>
    Signed-off-by: Benjamin LaHaise <bcrl@linux.intel.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
aio.c 44.2 KB