> > As Jeff suggested, 1/3 was changed to simply remove the ->dead check.
> > I also updated the changelog.
> >
> > Jeff, I preserved your acks in 2-3.
>
> also remove ctx->dead setting in ioctx_alloc().
Remove the note about -EINVAL from the changelog.
Oleg.
kill_ioctx() sets ctx->dead and removes ctx from ->ioctx_table
"atomically" under mm->ioctx_lock, so aio_ring_remap() can never
see a dead ctx.
Signed-off-by: Oleg Nesterov <[email protected]>
Reviewed-by: Jeff Moyer <[email protected]>
---
fs/aio.c | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index 480440f..893d300 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -325,14 +325,11 @@ static int aio_ring_remap(struct file *file, struct vm_area_struct *vma)
rcu_read_lock();
table = rcu_dereference(mm->ioctx_table);
for (i = 0; i < table->nr; i++) {
- struct kioctx *ctx;
+ struct kioctx *ctx = table->table[i];
- ctx = table->table[i];
if (ctx && ctx->aio_ring_file == file) {
- if (!atomic_read(&ctx->dead)) {
- ctx->user_id = ctx->mmap_base = vma->vm_start;
- res = 0;
- }
+ ctx->user_id = ctx->mmap_base = vma->vm_start;
+ res = 0;
break;
}
}
--
1.5.5.1
"atomic_t dead" makes no sense: atomic_read() is just a plain LOAD,
it doesn't provide any "additional" synchronization to pair with xchg().
And now that kill_ioctx() sets "dead" under mm->ioctx_lock we do
not even need xchg().
Also, the error path in ioctx_alloc() sets ->dead for no reason,
remove this.
Signed-off-by: Oleg Nesterov <[email protected]>
Reviewed-by: Jeff Moyer <[email protected]>
---
fs/aio.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index 893d300..4a360be 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -84,7 +84,7 @@ struct ctx_rq_wait {
struct kioctx {
struct percpu_ref users;
- atomic_t dead;
+ bool dead;
struct percpu_ref reqs;
@@ -765,7 +765,6 @@ static struct kioctx *ioctx_alloc(unsigned nr_events)
err_cleanup:
aio_nr_sub(ctx->max_reqs);
err_ctx:
- atomic_set(&ctx->dead, 1);
if (ctx->mmap_size)
vm_munmap(ctx->mmap_base, ctx->mmap_size);
aio_free_ring(ctx);
@@ -790,11 +789,12 @@ static int kill_ioctx(struct mm_struct *mm, struct kioctx *ctx,
struct kioctx_table *table;
spin_lock(&mm->ioctx_lock);
- if (atomic_xchg(&ctx->dead, 1)) {
+ if (unlikely(ctx->dead)) {
spin_unlock(&mm->ioctx_lock);
return -EINVAL;
}
+ ctx->dead = true;
table = rcu_dereference_raw(mm->ioctx_table);
WARN_ON(ctx != table->table[ctx->id]);
table->table[ctx->id] = NULL;
@@ -1236,7 +1236,7 @@ static bool aio_read_events(struct kioctx *ctx, long min_nr, long nr,
if (ret > 0)
*i += ret;
- if (unlikely(atomic_read(&ctx->dead)))
+ if (unlikely(ctx->dead))
ret = -EINVAL;
if (!*i)
--
1.5.5.1
aio_free_ring() can actually see a NULL page in ->ring_pages[];
this can happen if aio_setup_ring() fails.
And in this case page_count(ctx->ring_pages[i]) can OOPS.
Signed-off-by: Oleg Nesterov <[email protected]>
Reviewed-by: Jeff Moyer <[email protected]>
---
fs/aio.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index 4a360be..9bc1335 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -292,12 +292,12 @@ static void aio_free_ring(struct kioctx *ctx)
put_aio_ring_file(ctx);
for (i = 0; i < ctx->nr_pages; i++) {
- struct page *page;
- pr_debug("pid(%d) [%d] page->count=%d\n", current->pid, i,
- page_count(ctx->ring_pages[i]));
- page = ctx->ring_pages[i];
+ struct page *page = ctx->ring_pages[i];
if (!page)
continue;
+
+ pr_debug("pid(%d) [%d] page->count=%d\n",
+ current->pid, i, page_count(page));
ctx->ring_pages[i] = NULL;
put_page(page);
}
--
1.5.5.1
Hi Oleg,
On Fri, Jun 19, 2015 at 08:18:40PM +0200, Oleg Nesterov wrote:
> > > As Jeff suggested, 1/3 was changed to simply remove the ->dead check.
> > > I also updated the changelog.
> > >
> > > Jeff, I preserved your acks in 2-3.
> >
> > also remove ctx->dead setting in ioctx_alloc().
>
> Remove the note about -EINVAL from the changelog.
>
> Oleg.
These look pretty reasonable. I'll apply them to aio-next later today.
-ben
--
"Thought is the essence of where you are now."