iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

aio: report error from io_destroy() when threads race in io_destroy()

Browse Source 
As reported by Anatol Pomozov, io_destroy() fails to report an error when
it loses the race to destroy a given ioctx.  Since there is a difference in
behaviour between the thread that wins the race (which blocks on outstanding
io requests) versus lthe thread that loses (which returns immediately), wire
up a return code from kill_ioctx() to the io_destroy() syscall.

Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Cc: Anatol Pomozov <anatol.pomozov@gmail.com>
This commit is contained in:
Benjamin LaHaise 2014-04-29 12:45:17 -04:00
parent d52a8f9ead
commit fb2d448383
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
fs/aio.c
View File

@ -727,7 +727,7 @@ err:
* when the processes owning a context have all exited to encourage * when the processes owning a context have all exited to encourage
* the rapid destruction of the kioctx. * the rapid destruction of the kioctx.
*/ */
static void kill_ioctx(struct mm_struct *mm, struct kioctx *ctx, static int kill_ioctx(struct mm_struct *mm, struct kioctx *ctx,
struct completion *requests_done) struct completion *requests_done)
{ {
if (!atomic_xchg(&ctx->dead, 1)) { if (!atomic_xchg(&ctx->dead, 1)) {
@ -759,10 +759,10 @@ static void kill_ioctx(struct mm_struct *mm, struct kioctx *ctx,
ctx->requests_done = requests_done; ctx->requests_done = requests_done;
percpu_ref_kill(&ctx->users); percpu_ref_kill(&ctx->users);
} else { return 0;
if (requests_done)
complete(requests_done);
} }
return -EINVAL;
} }
/* wait_on_sync_kiocb: /* wait_on_sync_kiocb:
@ -1219,21 +1219,23 @@ SYSCALL_DEFINE1(io_destroy, aio_context_t, ctx)
if (likely(NULL != ioctx)) { if (likely(NULL != ioctx)) {
struct completion requests_done = struct completion requests_done =
COMPLETION_INITIALIZER_ONSTACK(requests_done); COMPLETION_INITIALIZER_ONSTACK(requests_done);
int ret;
/* Pass requests_done to kill_ioctx() where it can be set /* Pass requests_done to kill_ioctx() where it can be set
* in a thread-safe way. If we try to set it here then we have * in a thread-safe way. If we try to set it here then we have
* a race condition if two io_destroy() called simultaneously. * a race condition if two io_destroy() called simultaneously.
*/ */
kill_ioctx(current->mm, ioctx, &requests_done); ret = kill_ioctx(current->mm, ioctx, &requests_done);
percpu_ref_put(&ioctx->users); percpu_ref_put(&ioctx->users);
/* Wait until all IO for the context are done. Otherwise kernel /* Wait until all IO for the context are done. Otherwise kernel
* keep using user-space buffers even if user thinks the context * keep using user-space buffers even if user thinks the context
* is destroyed. * is destroyed.
*/ */
wait_for_completion(&requests_done); if (!ret)
wait_for_completion(&requests_done);
return 0; return ret;
} }
pr_debug("EINVAL: io_destroy: invalid context id\n"); pr_debug("EINVAL: io_destroy: invalid context id\n");
return -EINVAL; return -EINVAL;