Revision 10f1d5d111e8aed46a0f1179faf9a3cf422f689e authored by Joe Thornber on 27 June 2014, 19:29:04 UTC, committed by Mike Snitzer on 10 July 2014, 20:44:14 UTC
There's a race condition between the atomic_dec_and_test(&io->count) in dec_count() and the waking of the sync_io() thread. If the thread is spuriously woken immediately after the decrement it may exit, making the on stack io struct invalid, yet the dec_count could still be using it. Fix this race by using a completion in sync_io() and dec_count(). Reported-by: Minfei Huang <huangminfei@ucloud.cn> Signed-off-by: Joe Thornber <thornber@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Acked-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org
1 parent bf14299
| File | Mode | Size |
|---|---|---|
| perf | ||
| .gitignore | -rw-r--r-- | 12 bytes |
| Makefile | -rw-r--r-- | 881 bytes |
| asm-offsets.c | -rw-r--r-- | 242 bytes |
| cachepart.c | -rw-r--r-- | 3.5 KB |
| clock.c | -rw-r--r-- | 2.6 KB |
| core_reg.c | -rw-r--r-- | 3.0 KB |
| da.c | -rw-r--r-- | 470 bytes |
| devtree.c | -rw-r--r-- | 1.7 KB |
| dma.c | -rw-r--r-- | 11.8 KB |
| ftrace.c | -rw-r--r-- | 3.0 KB |
| ftrace_stub.S | -rw-r--r-- | 1.7 KB |
| head.S | -rw-r--r-- | 1.7 KB |
| irq.c | -rw-r--r-- | 6.7 KB |
| kick.c | -rw-r--r-- | 3.1 KB |
| machines.c | -rw-r--r-- | 359 bytes |
| metag_ksyms.c | -rw-r--r-- | 1.1 KB |
| module.c | -rw-r--r-- | 7.8 KB |
| perf_callchain.c | -rw-r--r-- | 2.1 KB |
| process.c | -rw-r--r-- | 10.4 KB |
| ptrace.c | -rw-r--r-- | 10.2 KB |
| setup.c | -rw-r--r-- | 15.6 KB |
| signal.c | -rw-r--r-- | 8.6 KB |
| smp.c | -rw-r--r-- | 15.5 KB |
| stacktrace.c | -rw-r--r-- | 4.4 KB |
| sys_metag.c | -rw-r--r-- | 4.5 KB |
| tbiunexp.S | -rw-r--r-- | 789 bytes |
| tcm.c | -rw-r--r-- | 3.3 KB |
| time.c | -rw-r--r-- | 517 bytes |
| topology.c | -rw-r--r-- | 1.7 KB |
| traps.c | -rw-r--r-- | 24.4 KB |
| user_gateway.S | -rw-r--r-- | 2.8 KB |
| vmlinux.lds.S | -rw-r--r-- | 1.3 KB |
Computing file changes ...
