Commit 65c24491 authored by Jeff Moyer's avatar Jeff Moyer Committed by Linus Torvalds

aio: lookup_ioctx can return the wrong value when looking up a bogus context

The libaio test harness turned up a problem whereby lookup_ioctx on a
bogus io context was returning the 1 valid io context from the list
(harness/cases/3.p).

Because of that, an extra put_iocontext was done, and when the process
exited, it hit a BUG_ON in the put_iocontext macro called from exit_aio
(since we expect a users count of 1 and instead get 0).

The problem was introduced by "aio: make the lookup_ioctx() lockless"
(commit abf137dd).

Thanks to Zach for pointing out that hlist_for_each_entry_rcu will not
return with a NULL tpos at the end of the loop, even if the entry was
not found.
Signed-off-by: default avatarJeff Moyer <jmoyer@redhat.com>
Acked-by: default avatarZach Brown <zach.brown@oracle.com>
Acked-by: default avatarJens Axboe <jens.axboe@oracle.com>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Cc: <stable@kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 87c3a86e
...@@ -587,7 +587,7 @@ int aio_put_req(struct kiocb *req) ...@@ -587,7 +587,7 @@ int aio_put_req(struct kiocb *req)
static struct kioctx *lookup_ioctx(unsigned long ctx_id) static struct kioctx *lookup_ioctx(unsigned long ctx_id)
{ {
struct mm_struct *mm = current->mm; struct mm_struct *mm = current->mm;
struct kioctx *ctx = NULL; struct kioctx *ctx, *ret = NULL;
struct hlist_node *n; struct hlist_node *n;
rcu_read_lock(); rcu_read_lock();
...@@ -595,12 +595,13 @@ static struct kioctx *lookup_ioctx(unsigned long ctx_id) ...@@ -595,12 +595,13 @@ static struct kioctx *lookup_ioctx(unsigned long ctx_id)
hlist_for_each_entry_rcu(ctx, n, &mm->ioctx_list, list) { hlist_for_each_entry_rcu(ctx, n, &mm->ioctx_list, list) {
if (ctx->user_id == ctx_id && !ctx->dead) { if (ctx->user_id == ctx_id && !ctx->dead) {
get_ioctx(ctx); get_ioctx(ctx);
ret = ctx;
break; break;
} }
} }
rcu_read_unlock(); rcu_read_unlock();
return ctx; return ret;
} }
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment