diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2018-05-28 19:37:43 +0200 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2018-05-30 05:16:43 +0200 |
commit | 3c96c7f4caeb044da53a85092903f9192f4e2342 (patch) | |
tree | 49bd32638cef03350ed7ce600b08533e64f6055c /fs/aio.c | |
parent | aio: add missing break for the IOCB_CMD_FDSYNC case (diff) | |
download | linux-3c96c7f4caeb044da53a85092903f9192f4e2342.tar.xz linux-3c96c7f4caeb044da53a85092903f9192f4e2342.zip |
aio: take list removal to (some) callers of aio_complete()
We really want iocb out of io_cancel(2) reach before we start tearing
it down.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/aio.c')
-rw-r--r-- | fs/aio.c | 38 |
1 files changed, 21 insertions, 17 deletions
@@ -1073,14 +1073,6 @@ static void aio_complete(struct aio_kiocb *iocb, long res, long res2) unsigned tail, pos, head; unsigned long flags; - if (!list_empty_careful(&iocb->ki_list)) { - unsigned long flags; - - spin_lock_irqsave(&ctx->ctx_lock, flags); - list_del(&iocb->ki_list); - spin_unlock_irqrestore(&ctx->ctx_lock, flags); - } - /* * Add a completion event to the ring buffer. Must be done holding * ctx->completion_lock to prevent other code from messing with the tail @@ -1398,10 +1390,23 @@ SYSCALL_DEFINE1(io_destroy, aio_context_t, ctx) return -EINVAL; } +static void aio_remove_iocb(struct aio_kiocb *iocb) +{ + struct kioctx *ctx = iocb->ki_ctx; + unsigned long flags; + + spin_lock_irqsave(&ctx->ctx_lock, flags); + list_del(&iocb->ki_list); + spin_unlock_irqrestore(&ctx->ctx_lock, flags); +} + static void aio_complete_rw(struct kiocb *kiocb, long res, long res2) { struct aio_kiocb *iocb = container_of(kiocb, struct aio_kiocb, rw); + if (!list_empty_careful(&iocb->ki_list)) + aio_remove_iocb(iocb); + if (kiocb->ki_flags & IOCB_WRITE) { struct inode *inode = file_inode(kiocb->ki_filp); @@ -1594,20 +1599,19 @@ static inline bool __aio_poll_remove(struct poll_iocb *req) return true; } -static inline void __aio_poll_complete(struct poll_iocb *req, __poll_t mask) +static inline void __aio_poll_complete(struct aio_kiocb *iocb, __poll_t mask) { - struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll); - struct file *file = req->file; - + fput(iocb->poll.file); aio_complete(iocb, mangle_poll(mask), 0); - fput(file); } static void aio_poll_work(struct work_struct *work) { - struct poll_iocb *req = container_of(work, struct poll_iocb, work); + struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, poll.work); - __aio_poll_complete(req, req->events); + if (!list_empty_careful(&iocb->ki_list)) + aio_remove_iocb(iocb); + __aio_poll_complete(iocb, iocb->poll.events); } static int aio_poll_cancel(struct kiocb *iocb) @@ -1658,7 +1662,7 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, list_del_init(&iocb->ki_list); spin_unlock(&iocb->ki_ctx->ctx_lock); - __aio_poll_complete(req, mask); + __aio_poll_complete(iocb, mask); } else { req->events = mask; INIT_WORK(&req->work, aio_poll_work); @@ -1710,7 +1714,7 @@ static ssize_t aio_poll(struct aio_kiocb *aiocb, struct iocb *iocb) spin_unlock_irq(&ctx->ctx_lock); done: if (mask) - __aio_poll_complete(req, mask); + __aio_poll_complete(aiocb, mask); return -EIOCBQUEUED; out_fail: fput(req->file); |