From: Al Viro <viro@ZenIV.linux.org.uk>
To: Christoph Hellwig <hch@lst.de>
Cc: Avi Kivity <avi@scylladb.com>,
linux-aio@kvack.org, linux-fsdevel@vger.kernel.org,
netdev@vger.kernel.org, linux-api@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 08/31] aio: implement IOCB_CMD_POLL
Date: Tue, 22 May 2018 23:05:24 +0100 [thread overview]
Message-ID: <20180522220524.GE30522@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20180522113108.25713-9-hch@lst.de>
On Tue, May 22, 2018 at 01:30:45PM +0200, Christoph Hellwig wrote:
> +static inline void __aio_poll_complete(struct poll_iocb *req, __poll_t mask)
> +{
> + struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll);
> +
> + fput(req->file);
> + aio_complete(iocb, mangle_poll(mask), 0);
> +}
Careful.
> +static int aio_poll_cancel(struct kiocb *iocb)
> +{
> + struct aio_kiocb *aiocb = container_of(iocb, struct aio_kiocb, rw);
> + struct poll_iocb *req = &aiocb->poll;
> + struct wait_queue_head *head = req->head;
> + bool found = false;
> +
> + spin_lock(&head->lock);
> + found = __aio_poll_remove(req);
> + spin_unlock(&head->lock);
What's to guarantee that req->head has not been freed by that point?
Look: wakeup finds ->ctx_lock held, so it leaves the sucker on the
list, removes it from queue and schedules the call of __aio_poll_complete().
Which gets executed just as we hit aio_poll_cancel(), starting with fput().
You really want to do aio_complete() before fput(). That way you know that
req->wait is alive and well at least until iocb gets removed from the list.
> + req->events = demangle_poll(iocb->aio_buf) | POLLERR | POLLHUP;
EPOLLERR | EPOLLHUP, please. The values are equal to POLLERR and POLLHUP on
all architectures, but let's avoid misannotations.
> + spin_lock_irq(&ctx->ctx_lock);
> + list_add_tail(&aiocb->ki_list, &ctx->active_reqs);
> +
> + spin_lock(&req->head->lock);
> + mask = req->file->f_op->poll_mask(req->file, req->events);
> + if (!mask)
> + __add_wait_queue(req->head, &req->wait);
ITYM
if (!mask) {
__add_wait_queue(req->head, &req->wait);
list_add_tail(&aiocb->ki_list, &ctx->active_reqs);
}
What's the point of exposing it to aio_poll_cancel() when it has
never been on waitqueue?
--
To unsubscribe, send a message with 'unsubscribe linux-aio' in
the body to majordomo@kvack.org. For more info on Linux AIO,
see: http://www.kvack.org/aio/
Don't email: <a href=mailto:"aart@kvack.org">aart@kvack.org</a>
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Christoph Hellwig <hch@lst.de>
Cc: Avi Kivity <avi@scylladb.com>,
linux-aio@kvack.org, linux-fsdevel@vger.kernel.org,
netdev@vger.kernel.org, linux-api@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 08/31] aio: implement IOCB_CMD_POLL
Date: Tue, 22 May 2018 23:05:24 +0100 [thread overview]
Message-ID: <20180522220524.GE30522@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20180522113108.25713-9-hch@lst.de>
On Tue, May 22, 2018 at 01:30:45PM +0200, Christoph Hellwig wrote:
> +static inline void __aio_poll_complete(struct poll_iocb *req, __poll_t mask)
> +{
> + struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll);
> +
> + fput(req->file);
> + aio_complete(iocb, mangle_poll(mask), 0);
> +}
Careful.
> +static int aio_poll_cancel(struct kiocb *iocb)
> +{
> + struct aio_kiocb *aiocb = container_of(iocb, struct aio_kiocb, rw);
> + struct poll_iocb *req = &aiocb->poll;
> + struct wait_queue_head *head = req->head;
> + bool found = false;
> +
> + spin_lock(&head->lock);
> + found = __aio_poll_remove(req);
> + spin_unlock(&head->lock);
What's to guarantee that req->head has not been freed by that point?
Look: wakeup finds ->ctx_lock held, so it leaves the sucker on the
list, removes it from queue and schedules the call of __aio_poll_complete().
Which gets executed just as we hit aio_poll_cancel(), starting with fput().
You really want to do aio_complete() before fput(). That way you know that
req->wait is alive and well at least until iocb gets removed from the list.
> + req->events = demangle_poll(iocb->aio_buf) | POLLERR | POLLHUP;
EPOLLERR | EPOLLHUP, please. The values are equal to POLLERR and POLLHUP on
all architectures, but let's avoid misannotations.
> + spin_lock_irq(&ctx->ctx_lock);
> + list_add_tail(&aiocb->ki_list, &ctx->active_reqs);
> +
> + spin_lock(&req->head->lock);
> + mask = req->file->f_op->poll_mask(req->file, req->events);
> + if (!mask)
> + __add_wait_queue(req->head, &req->wait);
ITYM
if (!mask) {
__add_wait_queue(req->head, &req->wait);
list_add_tail(&aiocb->ki_list, &ctx->active_reqs);
}
What's the point of exposing it to aio_poll_cancel() when it has
never been on waitqueue?
next prev parent reply other threads:[~2018-05-22 22:05 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-22 11:30 aio poll and a new in-kernel poll API V12 Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 01/31] fs: unexport poll_schedule_timeout Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 02/31] fs: cleanup do_pollfd Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 03/31] fs: update documentation to mention __poll_t and match the code Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 04/31] fs: add new vfs_poll and file_can_poll helpers Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 05/31] fs: introduce new ->get_poll_head and ->poll_mask methods Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 06/31] aio: simplify KIOCB_KEY handling Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 07/31] aio: simplify cancellation Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 08/31] aio: implement IOCB_CMD_POLL Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 22:05 ` Al Viro [this message]
2018-05-22 22:05 ` Al Viro
2018-05-23 0:45 ` Al Viro
2018-05-23 0:45 ` Al Viro
2018-05-23 0:49 ` Al Viro
2018-05-23 0:49 ` Al Viro
2018-05-23 1:43 ` YAaioRace (was Re: [PATCH 08/31] aio: implement IOCB_CMD_POLL) Al Viro
2018-05-23 1:43 ` Al Viro
2018-05-22 11:30 ` [PATCH 09/31] aio: try to complete poll iocbs without context switch Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 10/31] net: refactor socket_poll Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 11/31] net: add support for ->poll_mask in proto_ops Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 12/31] net: remove sock_no_poll Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 13/31] net/tcp: convert to ->poll_mask Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 14/31] net/unix: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 15/31] net: convert datagram_poll users tp ->poll_mask Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 16/31] net/dccp: convert to ->poll_mask Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 17/31] net/atm: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 18/31] net/vmw_vsock: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 19/31] net/tipc: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 20/31] net/sctp: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 21/31] net/bluetooth: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:30 ` [PATCH 22/31] net/caif: " Christoph Hellwig
2018-05-22 11:30 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 23/31] net/nfc: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 24/31] net/phonet: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 25/31] net/iucv: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 26/31] net/rxrpc: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 27/31] crypto: af_alg: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 28/31] pipe: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 29/31] eventfd: switch " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 11:31 ` [PATCH 30/31] timerfd: convert " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 16:59 ` Sergei Shtylyov
2018-05-22 16:59 ` Sergei Shtylyov
2018-05-22 11:31 ` [PATCH 31/31] random: " Christoph Hellwig
2018-05-22 11:31 ` Christoph Hellwig
2018-05-22 22:07 ` aio poll and a new in-kernel poll API V12 Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180522220524.GE30522@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=avi@scylladb.com \
--cc=hch@lst.de \
--cc=linux-aio@kvack.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.