Re: block: GPF in get_task_ioprio

From: Dmitry Vyukov <dvyukov@google.com>
Date: 2016-07-01 08:39:44
Also in: lkml

On Fri, Jul 1, 2016 at 4:43 AM, Omar Sandoval [off-list ref] wrote:

quoted hunk ↗ jump to hunk

On Thu, Jun 30, 2016 at 10:50:44AM +0200, Dmitry Vyukov wrote:

quoted

Hello,

The following program triggers GPF in get_task_ioprio if run in a parallel loop:

Dmitry,

Could you please try the below?

diff --git a/block/ioprio.c b/block/ioprio.c
index cc7800e9eb44..01b8116298a1 100644
--- a/block/ioprio.c
+++ b/block/ioprio.c

@@ -150,8 +150,10 @@ static int get_task_ioprio(struct task_struct *p)
        if (ret)
                goto out;
        ret = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, IOPRIO_NORM);
+       task_lock(p);
        if (p->io_context)
                ret = p->io_context->ioprio;
+       task_unlock(p);
 out:
        return ret;
 }

I'm having a hard time reproducing it but I can see how it could happen;
I think `p->io_context` is getting freed in exit_io_context() in between
the `if (p->io_context)` and `ret = p->io_context->ioprio`.


I see that you were able to reproduce it. So I am not testing it.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help