Andrew and Suparna,
Here is a patch to hold an extra reference count on the AIO request iocb
while it is being submitted and then drop it ref before returning.
This prevents the race I was seeing with AIO O_DIRECT tests on ext3
where the aio_complete() was freeing the iocb while it was still
be referenced by the AIO submit code path. I've run this on my
2-proc box with CONFIG_DEBUG_PAGEALLOC on and I no longer hit
the oops. The other option is to change the AIO code to never
reference the iocb after it has been submitted, but that seems more
error prone. This patch is a very small change. I am surprised we have
not seen this race before.
Thoughts?
Daniel