    [PATCH] aio: lock around kiocbTryKick() · 998765e5
    Zach Brown authored
    Only one of the run or kick path is supposed to put an iocb on the run
    list.  If both of them do it then one of them can end up referencing a
    freed iocb.  The kick patch could set the Kicked bit before acquiring the
    ctx_lock and putting the iocb on the run list.  The run path, while holding
    the ctx_lock, could see this partial kick and mistake it for a kick that
    was deferred while it was doing work with the run_list NULLed out.  It
    would then race with the kick thread to add the iocb to the run list.
    
    This patch moves the kick setting under the ctx_lock so that only one of
    the kick or run path queues the iocb on the run list, as intended.
    Signed-off-by: Zach Brown <zach.brown@oracle.com>
    Signed-off-by: Benjamin LaHaise <bcrl@linux.intel.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
aio.c 44.5 KB