Re: block: GPF in get_task_ioprio

From: Dmitry Vyukov
Date: Fri Jul 01 2016 - 04:39:48 EST

Next message: Lee Jones: "Re: [PATCH v4 1/7] mfd: ac100: Add device tree bindings for X-Powers AC100 codec/RTC combo IC"
Previous message: Hillf Danton: "Re: [PATCH 4/6] mm: move flush in madvise_free_pte_range()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 1, 2016 at 4:43 AM, Omar Sandoval <osandov@xxxxxxxxxxx> wrote:
> On Thu, Jun 30, 2016 at 10:50:44AM +0200, Dmitry Vyukov wrote:
>> Hello,
>>
>> The following program triggers GPF in get_task_ioprio if run in a parallel loop:
>
> Dmitry,
>
> Could you please try the below?
>
> diff --git a/block/ioprio.c b/block/ioprio.c
> index cc7800e9eb44..01b8116298a1 100644
> --- a/block/ioprio.c
> +++ b/block/ioprio.c
> @@ -150,8 +150,10 @@ static int get_task_ioprio(struct task_struct *p)
> if (ret)
> goto out;
> ret = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, IOPRIO_NORM);
> + task_lock(p);
> if (p->io_context)
> ret = p->io_context->ioprio;
> + task_unlock(p);
> out:
> return ret;
> }
>
> I'm having a hard time reproducing it but I can see how it could happen;
> I think `p->io_context` is getting freed in exit_io_context() in between
> the `if (p->io_context)` and `ret = p->io_context->ioprio`.

I see that you were able to reproduce it. So I am not testing it.

Next message: Lee Jones: "Re: [PATCH v4 1/7] mfd: ac100: Add device tree bindings for X-Powers AC100 codec/RTC combo IC"
Previous message: Hillf Danton: "Re: [PATCH 4/6] mm: move flush in madvise_free_pte_range()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]