Re: [patch] fs: aio fix rcu lookup

From: Jeff Moyer
Date: Mon Jan 17 2011 - 14:08:21 EST


Nick Piggin <npiggin@xxxxxxxxx> writes:

> On Sat, Jan 15, 2011 at 1:52 AM, Jeff Moyer <jmoyer@xxxxxxxxxx> wrote:
>> Nick Piggin <npiggin@xxxxxxxxx> writes:
>>
>>> Hi,
>>>
>>> While hunting down a bug in NFS's AIO, I believe I found this
>>> buggy code...
>>>
>>> fs: aio fix rcu ioctx lookup
>>>
>>> aio-dio-invalidate-failure GPFs in aio_put_req from io_submit.
>>>
>>> lookup_ioctx doesn't implement the rcu lookup pattern properly.
>>> rcu_read_lock does not prevent refcount going to zero, so we
>>> might take a refcount on a zero count ioctx.
>>
>> So, does this patch fix the problem? You didn't actually say....
>
> No, it seemed to be an NFS AIO problem, although it was a
> slightly older kernel so I'll retest after -rc1 if I haven't heard
> back about it.

OK.

> Do you agree with the theoretical problem? I didn't try to
> write a racer to break it yet. Inserting a delay before the
> get_ioctx might do the trick.

I'm not convinced, no. The last reference to the kioctx is always the
process, released in the exit_aio path, or via sys_io_destroy. In both
cases, we cancel all aios, then wait for them all to complete before
dropping the final reference to the context.

So, while I agree that what you wrote is better, I remain unconvinced of
it solving a real-world problem. Feel free to push it in as a cleanup,
though.

Cheers,
Jeff
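
The lookup pattern under discussion in this thread, as an added userspace example that is not part of the original message and is not the kernel's code: a reader that finds a refcounted object during an RCU-style lookup takes a reference only if the count is still nonzero. The names `struct ctx`, `ctx_try_get`, `ctx_get` and `lookup` are hypothetical, C11 atomics stand in for the kernel's atomic operations, and the sample objects are constructed.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a refcounted context on an RCU-protected list. */
struct ctx {
    unsigned long id;
    atomic_int users;   /* 0 means the final put has already happened */
    struct ctx *next;
};

/* Take a reference only while the object is still live (inc-not-zero). */
static bool ctx_try_get(struct ctx *c)
{
    int old = atomic_load(&c->users);
    while (old != 0) {
        /* A failed CAS reloads 'old', so the zero check is repeated. */
        if (atomic_compare_exchange_weak(&c->users, &old, old + 1))
            return true;
    }
    return false;
}

/* Unconditional get: also bumps a count that has already reached zero. */
static void ctx_get(struct ctx *c) { atomic_fetch_add(&c->users, 1); }

/* Runs where the read-side critical section would be: the entry is still
 * readable on the list, but that says nothing about its refcount. */
static struct ctx *lookup(struct ctx *head, unsigned long id, bool checked)
{
    for (struct ctx *c = head; c; c = c->next) {
        if (c->id != id)
            continue;
        if (checked)
            return ctx_try_get(c) ? c : NULL;
        ctx_get(c);
        return c;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample: id 7 is still listed but its count is zero. */
    struct ctx dying = { .id = 7, .users = 0, .next = NULL };
    struct ctx live  = { .id = 3, .users = 1, .next = &dying };
    printf("checked lookup of 7: %s\n", lookup(&live, 7, true) ? "found" : "NULL");
    printf("unchecked lookup of 7: users=%d\n", atomic_load(&lookup(&live, 7, false)->users));
    return 0;
}
```

Whether a zero-count object can ever be seen on the list depends on who holds the last reference, which is the point the two participants disagree on.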