    aio: Fix a trinity splat · e34ecee2
    Kent Overstreet authored
    aio kiocb refcounting was broken - it was relying on keeping track of
    the number of available ring buffer entries, which it needs to do
    anyways; then at shutdown time it'd wait for completions to be delivered
    until the # of available ring buffer entries equalled what it was
    initialized to.
    
    Problem with that is that the ring buffer is mapped writable into
    userspace, so userspace could futz with the head and tail pointers to
    cause the kernel to see extra completions, and cause free_ioctx() to
    return while there were still outstanding kiocbs. Which would be bad.
    
    Fix is just to directly refcount the kiocbs - which is more
    straightforward, and with the new percpu refcounting code doesn't cost
    us any cacheline bouncing which was the whole point of the original
    scheme.
    
    Also clean up ioctx_alloc()'s error path and fix a bug where it wasn't
    subtracting from aio_nr if ioctx_add_table() failed.
    Signed-off-by: Kent Overstreet <kmo@daterainc.com>
aio.c 36.3 KB
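
The failure mode described in the commit message, as a simplified userspace model added here (not code from aio.c or from this commit): a teardown check derived from ring head/tail in shared memory is compared with a private per-request refcount. All names (`ioctx_model`, `model_reap`, `scenario`, and so on) and the ring size are assumptions made for illustration.

```c
/* Simplified userspace model of the two teardown checks; not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define NR_EVENTS 4u                      /* constructed ring size */
#define RING_CAP  (NR_EVENTS - 1)         /* usable slots in the ring */
struct ring_hdr { uint32_t head, tail; }; /* writable by userspace */

struct ioctx_model {
    struct ring_hdr *ring;                /* shared, untrusted */
    uint32_t reqs_available;              /* free-slot counter (old scheme) */
    uint32_t refs;                        /* private per-request refcount (fix) */
};

static bool model_submit(struct ioctx_model *c) {
    if (c->reqs_available == 0) return false;
    c->reqs_available--;                  /* reserve a completion slot */
    c->refs++;                            /* live request holds a reference */
    return true;
}

static void model_complete(struct ioctx_model *c) {
    c->ring->tail = (c->ring->tail + 1) % NR_EVENTS;
    c->refs--;                            /* dropped only by a real completion */
}

/* Slots are handed back according to head/tail read from the shared ring. */
static void model_reap(struct ioctx_model *c) {
    uint32_t n = (c->ring->tail + NR_EVENTS - c->ring->head) % NR_EVENTS;
    c->ring->head = c->ring->tail;
    c->reqs_available += n;
}

static bool old_teardown_ready(const struct ioctx_model *c) { return c->reqs_available == RING_CAP; }
static bool new_teardown_ready(const struct ioctx_model *c) { return c->refs == 0; }

/* Bit 0: old check allows freeing; bit 1: refcount check allows freeing. */
static int scenario(bool tail_modified) {
    struct ring_hdr ring = {0, 0};
    struct ioctx_model c = { &ring, RING_CAP, 0 };
    model_submit(&c); model_submit(&c);   /* two requests in flight */
    if (tail_modified) ring.tail = 2;     /* constructed: header changed, nothing completed */
    else { model_complete(&c); model_complete(&c); }
    model_reap(&c);
    return (old_teardown_ready(&c) ? 1 : 0) | (new_teardown_ready(&c) ? 2 : 0);
}
int main(void) {
    printf("honest=%d modified=%d\n", scenario(false), scenario(true));
    return 0;
}
```

With real completions both checks agree; when only the shared header changes, the slot-count check reports the context as idle while two requests still hold references.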