Re: [PATCH 33/33] aio: fix kioctx not being freed after cancellationat exit time

[Theodore Ts'o]

On Thu, Mar 21, 2013 at 09:35:54AM -0700, Kent Overstreet wrote:
> From: Benjamin LaHaise <bcrl@xxxxxxxxx>
> 
> The recent changes overhauling fs/aio.c introduced a bug that results in the
> kioctx not being freed when outstanding kiocbs are cancelled at exit_aio()
> time.  Specifically, a kiocb that is cancelled has its completion events
> discarded by batch_complete_aio(), which then fails to wake up the process
> stuck in free_ioctx().  Fix this by removing the event suppression in
> batch_complete_aio() and modify the wait_event() condition in free_ioctx()
> appropriately.

Once you remove the event suppression, then it means that every single
cancelled AIO will result in ki_ctx->reqs_available getting double
incremented, right?  But reqs_available gets used in more places than
just free_ioctx().  It also gets used (for example) by
get_reqs_available(), which in turn gets used by aio_get_req() to
decide whether or not it's safe to allocate another aio_request.
Since reqs_available is getting double allocated, won't we end up
allowing more AIO requests to be issued --- more than we would have
room in the ring?

Am I missing something?

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/