aboutsummaryrefslogtreecommitdiff
path: root/block/blk-ioc.c
diff options
context:
space:
mode:
authorJens Axboe <jens.axboe@oracle.com>2008-05-07 09:17:12 +0200
committerJens Axboe <jens.axboe@oracle.com>2008-05-07 09:28:57 +0200
commit07416d29bcf608257f1e5280642dcbe0021518a3 (patch)
tree6b88b2b043cac10b34234320c68e06848c00127c /block/blk-ioc.c
parentaa94b5371f6f898558d9fa5690cc6e4bf917a572 (diff)
downloadvexpress-lsk-07416d29bcf608257f1e5280642dcbe0021518a3.tar.gz
cfq-iosched: fix RCU race in the cfq io_context destructor handling
put_io_context() drops the RCU read lock before calling into cfq_dtor(), however we need to hold off freeing there before grabbing and dereferencing the first object on the list. So extend the rcu_read_lock() scope to cover the calling of cfq_dtor(), and optimize cfq_free_io_context() to use a new variant for call_for_each_cic() that assumes the RCU read lock is already held. Hit in the wild by Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'block/blk-ioc.c')
-rw-r--r--block/blk-ioc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/block/blk-ioc.c b/block/blk-ioc.c
index e34df7c9fc3..012f065ac8e 100644
--- a/block/blk-ioc.c
+++ b/block/blk-ioc.c
@@ -41,8 +41,8 @@ int put_io_context(struct io_context *ioc)
rcu_read_lock();
if (ioc->aic && ioc->aic->dtor)
ioc->aic->dtor(ioc->aic);
- rcu_read_unlock();
cfq_dtor(ioc);
+ rcu_read_unlock();
kmem_cache_free(iocontext_cachep, ioc);
return 1;