aio: kill the misleading rcu read locks in ioctx_add_table() and kill_ioctx()

ioctx_add_table() is the writer, it does not need rcu_read_lock() to protect ->ioctx_table. It relies on mm->ioctx_lock and rcu locks just add the confusion. And it doesn't need rcu_dereference() by the same reason, it must see any updates previously done under the same ->ioctx_lock. We could use rcu_dereference_protected() but the patch uses rcu_dereference_raw(), the function is simple enough. The same for kill_ioctx(), although it does not update the pointer. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>

aio: kill the misleading rcu read locks in ioctx_add_table() and kill_ioctx()
ioctx_add_table() is the writer, it does not need rcu_read_lock() to protect ->ioctx_table. It relies on mm->ioctx_lock and rcu locks just add the confusion. And it doesn't need rcu_dereference() by the same reason, it must see any updates previously done under the same ->ioctx_lock. We could use rcu_dereference_protected() but the patch uses rcu_dereference_raw(), the function is simple enough. The same for kill_ioctx(), although it does not update the pointer. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Oleg Nesterov · Benjamin LaHaise
1 parent 4b70ac5fd9
Showing 1 changed file with 3 additions and 11 deletions Side-by-side Diff
fs/aio.c
@@ -554,8 +554,7 @@
 	struct aio_ring *ring;
  
 	spin_lock(&mm->ioctx_lock);
-	rcu_read_lock();
-	table = rcu_dereference(mm->ioctx_table);
+	table = rcu_dereference_raw(mm->ioctx_table);
  
 	while (1) {
 		if (table)
@@ -563,7 +562,6 @@
 				if (!table->table[i]) {
 					ctx->id = i;
 					table->table[i] = ctx;
-					rcu_read_unlock();
 					spin_unlock(&mm->ioctx_lock);
  
 					/* While kioctx setup is in progress,
@@ -577,8 +575,6 @@
 				}
  
 		new_nr = (table ? table->nr : 1) * 4;
-
-		rcu_read_unlock();
 		spin_unlock(&mm->ioctx_lock);
  
 		table = kzalloc(sizeof(*table) + sizeof(struct kioctx *) *
@@ -589,8 +585,7 @@
 		table->nr = new_nr;
  
 		spin_lock(&mm->ioctx_lock);
-		rcu_read_lock();
-		old = rcu_dereference(mm->ioctx_table);
+		old = rcu_dereference_raw(mm->ioctx_table);
  
 		if (!old) {
 			rcu_assign_pointer(mm->ioctx_table, table);
  
@@ -737,12 +732,9 @@
  
  
 	spin_lock(&mm->ioctx_lock);
-	rcu_read_lock();
-	table = rcu_dereference(mm->ioctx_table);
-
+	table = rcu_dereference_raw(mm->ioctx_table);
 	WARN_ON(ctx != table->table[ctx->id]);
 	table->table[ctx->id] = NULL;
-	rcu_read_unlock();
 	spin_unlock(&mm->ioctx_lock);
  
 	/* percpu_ref_kill() will do the necessary call_rcu() */
...	...	@@ -554,8 +554,7 @@
554	554	struct aio_ring *ring;
555	555
556	556	spin_lock(&mm->ioctx_lock);
557		- rcu_read_lock();
558		- table = rcu_dereference(mm->ioctx_table);
	557	+ table = rcu_dereference_raw(mm->ioctx_table);
559	558
560	559	while (1) {
561	560	if (table)
...	...	@@ -563,7 +562,6 @@
563	562	if (!table->table[i]) {
564	563	ctx->id = i;
565	564	table->table[i] = ctx;
566		- rcu_read_unlock();
567	565	spin_unlock(&mm->ioctx_lock);
568	566
569	567	/* While kioctx setup is in progress,
...	...	@@ -577,8 +575,6 @@
577	575	}
578	576
579	577	new_nr = (table ? table->nr : 1) * 4;
580		-
581		- rcu_read_unlock();
582	578	spin_unlock(&mm->ioctx_lock);
583	579
584	580	table = kzalloc(sizeof(table) + sizeof(struct kioctx ) *
...	...	@@ -589,8 +585,7 @@
589	585	table->nr = new_nr;
590	586
591	587	spin_lock(&mm->ioctx_lock);
592		- rcu_read_lock();
593		- old = rcu_dereference(mm->ioctx_table);
	588	+ old = rcu_dereference_raw(mm->ioctx_table);
594	589
595	590	if (!old) {
596	591	rcu_assign_pointer(mm->ioctx_table, table);
597	592
...	...	@@ -737,12 +732,9 @@
737	732
738	733
739	734	spin_lock(&mm->ioctx_lock);
740		- rcu_read_lock();
741		- table = rcu_dereference(mm->ioctx_table);
742		-
	735	+ table = rcu_dereference_raw(mm->ioctx_table);
743	736	WARN_ON(ctx != table->table[ctx->id]);
744	737	table->table[ctx->id] = NULL;
745		- rcu_read_unlock();
746	738	spin_unlock(&mm->ioctx_lock);
747	739
748	740	/* percpu_ref_kill() will do the necessary call_rcu() */