cfq-iosched: fix RCU race in the cfq io_context destructor handling (07416d29) · Commits · e / devices / android_kernel_fairphone_FP3

block/blk-ioc.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -41,8 +41,8 @@ int put_io_context(struct io_context *ioc)
		rcu_read_lock();
		if (ioc->aic && ioc->aic->dtor)
		ioc->aic->dtor(ioc->aic);
		rcu_read_unlock();
		cfq_dtor(ioc);
		rcu_read_unlock();

		kmem_cache_free(iocontext_cachep, ioc);
		return 1;

+13 −6

Original line number	Diff line number	Diff line
		@@ -1142,19 +1142,26 @@ static void cfq_put_queue(struct cfq_queue *cfqq)
		kmem_cache_free(cfq_pool, cfqq);
		}

		/*
		* Call func for each cic attached to this ioc.
		*/
		static void
		call_for_each_cic(struct io_context *ioc,
		__call_for_each_cic(struct io_context *ioc,
		void (func)(struct io_context , struct cfq_io_context *))
		{
		struct cfq_io_context *cic;
		struct hlist_node *n;

		rcu_read_lock();
		hlist_for_each_entry_rcu(cic, n, &ioc->cic_list, cic_list)
		func(ioc, cic);
		}

		/*
		* Call func for each cic attached to this ioc.
		*/
		static void
		call_for_each_cic(struct io_context *ioc,
		void (func)(struct io_context , struct cfq_io_context *))
		{
		rcu_read_lock();
		__call_for_each_cic(ioc, func);
		rcu_read_unlock();
		}

		@@ -1198,7 +1205,7 @@ static void cfq_free_io_context(struct io_context *ioc)
		* should be ok to iterate over the known list, we will see all cic's
		* since no new ones are added.
		*/
		call_for_each_cic(ioc, cic_free_func);
		__call_for_each_cic(ioc, cic_free_func);
		}

		static void cfq_exit_cfqq(struct cfq_data cfqd, struct cfq_queue cfqq)