> We hit a memory ordering race condition on AIO ring buffer tail pointer
> between function aio_complete() and aio_read_evt().
>
> What happens is that on an architecture that has a relaxed memory
> ordering model like IPF(ia64), explicit memory barrier is required in a
> SMP execution environment. Considering the following case:
>
> 1 CPU is executing a tight loop of aio_read_evt. It is pulling event
> off the ring buffer. During that loop, another CPU is executing
> aio_complete() where it is putting event into the ring buffer and then
> update the tail pointer. However, due to relaxed memory ordering model,
> the tail pointer can be visible before the actual event is being
> updated. So the other CPU sees the updated tail pointer but picks up a
> staled event data.
>
> A memory barrier is required in this case between the event data and
> tail pointer update. Same is true for the head pointer but the window
> of the race condition is nil. For function correctness, it is fixed
> here as well.
>
> By the way, this bug is fixed in the major distributor's kernel on 2.4.x
> kernel series for a while, but somehow hasn't been propagated to 2.5
> kernel yet.
>
> The patch is relative to 2.5.74.
>
> - Ken
>
Make those smp_* memory barrier's because they don't matter on UP.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/