Re: block: ioc->refcount accessed twice in put_io_context()?
From: Shaohua Li
Date: Sun Apr 10 2011 - 21:54:20 EST
2011/4/10 Paul Bolle <pebolle@xxxxxxxxxx>:
> 0) Looking for clues to solve a problem I ran into, I noticed something
> odd in block/blk-ioc.c:put_io_context(). It seems it accesses the atomic
> variable ioc->refcount twice in a way which suggests things might race.
>
> 1) Code is more exact than words, so this (entirely untested) patch to
> solve this possible race might describe better what this is all about:
>
> @@ -33,12 +33,16 @@ static void cfq_dtor(struct io_context *ioc)
> */
> int put_io_context(struct io_context *ioc)
> {
> + int new;
> +
> if (ioc == NULL)
> return 1;
>
> - BUG_ON(atomic_long_read(&ioc->refcount) == 0);
> + new = atomic_long_dec_return(&ioc->refcount);
> +
> + BUG_ON(new < 0);
>
> - if (atomic_long_dec_and_test(&ioc->refcount)) {
> + if (new == 0) {
> rcu_read_lock();
> cfq_dtor(ioc);
> rcu_read_unlock();
>
so you hit this line?
BUG_ON(atomic_long_read(&ioc->refcount) == 0);
this suggests something else is already wrong, you should fix that.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/