diff options
author | Zach Brown <zach.brown@oracle.com> | 2007-07-03 18:28:55 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-03 21:23:23 -0400 |
commit | fcb82f8835c1d71b4fe5de1d9894f45370f80dab (patch) | |
tree | cdb5f78ff1d41d511b01a04f3f20f7ea248adb20 | |
parent | 5dcccd8d7eae870d85c3f175fd0823d3da07d0e3 (diff) |
dio: remove bogus refcounting BUG_ON
Badari Pulavarty reported a case of this BUG_ON is triggering during
testing. It's completely bogus and should be removed.
It's trying to notice if we left references to the dio hanging around in
the sync case. They should have been dropped as IO completed while this
path was in dio_await_completion(). This condition will also be
checked, via some twisty logic, by the BUG_ON(ret != -EIOCBQUEUED) a few
lines lower. So to start this BUG_ON() is redundant.
More fatally, it's dereferencing dio-> after having dropped its
reference. It's only safe to dereference the dio after releasing the
lock if the final reference was just dropped. Another CPU might free
the dio in bio completion and reuse the memory after this path drops the
dio lock but before the BUG_ON() is evaluated.
This patch passed aio+dio regression unit tests and aio-stress on ext3.
Signed-off-by: Zach Brown <zach.brown@oracle.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/direct-io.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/direct-io.c b/fs/direct-io.c index 8593f3dfd299..52bb2638f7ab 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c | |||
@@ -1106,7 +1106,7 @@ direct_io_worker(int rw, struct kiocb *iocb, struct inode *inode, | |||
1106 | spin_lock_irqsave(&dio->bio_lock, flags); | 1106 | spin_lock_irqsave(&dio->bio_lock, flags); |
1107 | ret2 = --dio->refcount; | 1107 | ret2 = --dio->refcount; |
1108 | spin_unlock_irqrestore(&dio->bio_lock, flags); | 1108 | spin_unlock_irqrestore(&dio->bio_lock, flags); |
1109 | BUG_ON(!dio->is_async && ret2 != 0); | 1109 | |
1110 | if (ret2 == 0) { | 1110 | if (ret2 == 0) { |
1111 | ret = dio_complete(dio, offset, ret); | 1111 | ret = dio_complete(dio, offset, ret); |
1112 | kfree(dio); | 1112 | kfree(dio); |