summaryrefslogtreecommitdiff
path: root/REPORTING-BUGS
diff options
context:
space:
mode:
authorKent Overstreet <kmo@daterainc.com>2013-10-11 02:31:47 (GMT)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-12-08 15:29:16 (GMT)
commit9a3809da8d4e37a8039fe308de63396eb18b3e89 (patch)
tree1d56511abf863c14244503d847e98135402a0d46 /REPORTING-BUGS
parent27135f5f3ba151eefff1305488dc98cbbc216710 (diff)
downloadlinux-fsl-qoriq-9a3809da8d4e37a8039fe308de63396eb18b3e89.tar.xz
aio: Fix a trinity splat
commit e34ecee2ae791df674dfb466ce40692ca6218e43 upstream. aio kiocb refcounting was broken - it was relying on keeping track of the number of available ring buffer entries, which it needs to do anyways; then at shutdown time it'd wait for completions to be delivered until the # of available ring buffer entries equalled what it was initialized to. Problem with that is that the ring buffer is mapped writable into userspace, so userspace could futz with the head and tail pointers to cause the kernel to see extra completions, and cause free_ioctx() to return while there were still outstanding kiocbs. Which would be bad. Fix is just to directly refcount the kiocbs - which is more straightforward, and with the new percpu refcounting code doesn't cost us any cacheline bouncing which was the whole point of the original scheme. Also clean up ioctx_alloc()'s error path and fix a bug where it wasn't subtracting from aio_nr if ioctx_add_table() failed. Signed-off-by: Kent Overstreet <kmo@daterainc.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'REPORTING-BUGS')
0 files changed, 0 insertions, 0 deletions