Re: [PATCH 2/2] aio: fix kioctx not being freed after cancellationat exit time
From: Kent Overstreet
Date: Wed Feb 13 2013 - 20:36:49 EST
On Wed, Feb 13, 2013 at 12:46:36PM -0500, Benjamin LaHaise wrote:
> The recent changes overhauling fs/aio.c introduced a bug that results in the
> kioctx not being freed when outstanding kiocbs are cancelled at exit_aio()
> time. Specifically, a kiocb that is cancelled has its completion events
> discarded by batch_complete_aio(), which then fails to wake up the process
> stuck in free_ioctx(). Fix this by adding a wake_up() in batch_complete_aio()
> and modifying the wait_event() condition in free_ioctx() appropriately.
>
> Signed-off-by: Benjamin LaHaise <bcrl@xxxxxxxxx>
> ---
> fs/aio.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/fs/aio.c b/fs/aio.c
> index dc52b0c..46f9dd0 100644
> --- a/fs/aio.c
> +++ b/fs/aio.c
> @@ -335,7 +335,9 @@ static void free_ioctx(struct kioctx *ctx)
> kunmap_atomic(ring);
>
> while (atomic_read(&ctx->reqs_available) < ctx->nr) {
> - wait_event(ctx->wait, head != ctx->shadow_tail);
> + wait_event(ctx->wait,
> + (head != ctx->shadow_tail) ||
> + (atomic_read(&ctx->reqs_available) != ctx->nr));
That test looks backwards - I think we want to wait until reqs_available
== ctx->nr
>
> avail = (head <= ctx->shadow_tail ?
> ctx->shadow_tail : ctx->nr) - head;
> @@ -754,6 +756,7 @@ void batch_complete_aio(struct batch_complete *batch)
> * with free_ioctx()
> */
> atomic_inc(&req->ki_ctx->reqs_available);
> + wake_up(&req->ki_ctx->wait);
> aio_put_req(req);
> continue;
> }
> --
> 1.7.4.1
>
>
> --
> "Thought is the essence of where you are now."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/