[ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.suse / cfq-ioc-race

From: Nikanth Karthikesan <knikanth@suse.de>
Subject: [PATCH] Exiting queue and task might race to free cic
References: bnc#444346
Patch-Mainline: No. being discussed.
Signed-off-by: Nikanth Karthikesan <knaikanth@suse.de>

When a queue exits the queue lock is taken and cfq_exit_queue() would
free all the cic's associated with the queue. But when a task exits,
cfq_exit_io_context() gets cic one by one and then locks the associated
queue to call __cfq_exit_single_io_context. In the window between
getting a cic from the ioc and locking the queue, the queue might have 
exited on another cpu.

Index: b/block/cfq-iosched.c
===================================================================
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -1310,7 +1310,15 @@ static void cfq_exit_single_io_context(s
 		unsigned long flags;
 
 		spin_lock_irqsave(q->queue_lock, flags);
-		__cfq_exit_single_io_context(cfqd, cic);
+
+		/*
+		 * Ensure we get a fresh copy of the ->key to prevent
+		 * race between exiting task and queue
+		 */
+		smp_read_barrier_depends();
+		if (likely(cic->key))
+			__cfq_exit_single_io_context(cfqd, cic);
+
 		spin_unlock_irqrestore(q->queue_lock, flags);
 	}
 }
Commit	Line	Data
2cb7cef9 BS	1	From: Nikanth Karthikesan <knikanth@suse.de>
	2	Subject: [PATCH] Exiting queue and task might race to free cic
	3	References: bnc#444346
	4	Patch-Mainline: No. being discussed.
	5	Signed-off-by: Nikanth Karthikesan <knaikanth@suse.de>
	6
	7	When a queue exits the queue lock is taken and cfq_exit_queue() would
	8	free all the cic's associated with the queue. But when a task exits,
	9	cfq_exit_io_context() gets cic one by one and then locks the associated
	10	queue to call __cfq_exit_single_io_context. In the window between
	11	getting a cic from the ioc and locking the queue, the queue might have
	12	exited on another cpu.
	13
	14	Index: b/block/cfq-iosched.c
	15	===================================================================
	16	--- a/block/cfq-iosched.c
	17	+++ b/block/cfq-iosched.c
	18	@@ -1310,7 +1310,15 @@ static void cfq_exit_single_io_context(s
	19	unsigned long flags;
	20
	21	spin_lock_irqsave(q->queue_lock, flags);
	22	- __cfq_exit_single_io_context(cfqd, cic);
	23	+
	24	+ /*
	25	+ * Ensure we get a fresh copy of the ->key to prevent
	26	+ * race between exiting task and queue
	27	+ */
	28	+ smp_read_barrier_depends();
	29	+ if (likely(cic->key))
	30	+ __cfq_exit_single_io_context(cfqd, cic);
	31	+
	32	spin_unlock_irqrestore(q->queue_lock, flags);
	33	}
	34	}