aio: lookup_ioctx can return the wrong value when looking up a bogus context - openslx/kernel-qcow2-linux.git

diff options

author	Jeff Moyer	2009-03-19 01:04:21 +0100
committer	Linus Torvalds	2009-03-19 23:57:18 +0100
commit	65c24491b4fef017c64e39ec64384fde5e05e0a0 (patch)
tree	3afa5c9eace50837f3c31238102358cf67b8a1ff /arch/arm/mm/copypage-v4mc.c
parent	eventfd: remove fput() call from possible IRQ context (diff)
download	kernel-qcow2-linux-65c24491b4fef017c64e39ec64384fde5e05e0a0.tar.gz kernel-qcow2-linux-65c24491b4fef017c64e39ec64384fde5e05e0a0.tar.xz kernel-qcow2-linux-65c24491b4fef017c64e39ec64384fde5e05e0a0.zip

aio: lookup_ioctx can return the wrong value when looking up a bogus context

The libaio test harness turned up a problem whereby lookup_ioctx on a bogus io context was returning the 1 valid io context from the list (harness/cases/3.p). Because of that, an extra put_iocontext was done, and when the process exited, it hit a BUG_ON in the put_iocontext macro called from exit_aio (since we expect a users count of 1 and instead get 0). The problem was introduced by "aio: make the lookup_ioctx() lockless" (commit abf137dd7712132ee56d5b3143c2ff61a72a5faa). Thanks to Zach for pointing out that hlist_for_each_entry_rcu will not return with a NULL tpos at the end of the loop, even if the entry was not found. Signed-off-by: Jeff Moyer <jmoyer@redhat.com> Acked-by: Zach Brown <zach.brown@oracle.com> Acked-by: Jens Axboe <jens.axboe@oracle.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'arch/arm/mm/copypage-v4mc.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: