diff options
author | Jens Axboe <jens.axboe@oracle.com> | 2008-05-07 03:17:12 -0400 |
---|---|---|
committer | Jens Axboe <jens.axboe@oracle.com> | 2008-05-07 03:28:57 -0400 |
commit | 07416d29bcf608257f1e5280642dcbe0021518a3 (patch) | |
tree | 6b88b2b043cac10b34234320c68e06848c00127c /block/blk-ioc.c | |
parent | aa94b5371f6f898558d9fa5690cc6e4bf917a572 (diff) |
cfq-iosched: fix RCU race in the cfq io_context destructor handling
put_io_context() drops the RCU read lock before calling into cfq_dtor(),
however we need to hold off freeing there before grabbing and
dereferencing the first object on the list.
So extend the rcu_read_lock() scope to cover the calling of cfq_dtor(),
and optimize cfq_free_io_context() to use a new variant for
call_for_each_cic() that assumes the RCU read lock is already held.
Hit in the wild by Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'block/blk-ioc.c')
-rw-r--r-- | block/blk-ioc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block/blk-ioc.c b/block/blk-ioc.c index e34df7c9fc3..012f065ac8e 100644 --- a/block/blk-ioc.c +++ b/block/blk-ioc.c | |||
@@ -41,8 +41,8 @@ int put_io_context(struct io_context *ioc) | |||
41 | rcu_read_lock(); | 41 | rcu_read_lock(); |
42 | if (ioc->aic && ioc->aic->dtor) | 42 | if (ioc->aic && ioc->aic->dtor) |
43 | ioc->aic->dtor(ioc->aic); | 43 | ioc->aic->dtor(ioc->aic); |
44 | rcu_read_unlock(); | ||
45 | cfq_dtor(ioc); | 44 | cfq_dtor(ioc); |
45 | rcu_read_unlock(); | ||
46 | 46 | ||
47 | kmem_cache_free(iocontext_cachep, ioc); | 47 | kmem_cache_free(iocontext_cachep, ioc); |
48 | return 1; | 48 | return 1; |