aio: bad AIO race in aio_complete() leads to process hang
[sfrench/cifs-2.6.git] / fs / aio.c
index b74c567383bc3689412a6195cb5fd4e2520cb724..6af92194062266d842adfd57cf8abff425bd6ec5 100644 (file)
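--- a/fs/aio.c
+++ b/fs/aio.c
@@ -996,6 +996,14 @@ put_rq:
        /* everything turned out well, dispose of the aiocb. */
        ret = __aio_put_req(ctx, iocb);
 
+       /*
+        * We have to order our ring_info tail store above and test
+        * of the wait list below outside the wait lock.  This is
+        * like in wake_up_bit() where clearing a bit has to be
+        * ordered with the unlocked test.
+        */
+       smp_mb();
+
        if (waitqueue_active(&ctx->wait))
                wake_up(&ctx->wait);
 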
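Review bot: The comment above the new `smp_mb()` explains the completion side only and never names the barrier it pairs with on the waiter side. The fix closes the lost-wakeup window only if the sleeping task queues itself on `ctx->wait` and executes a full barrier before it re-reads the ring tail. That code is outside this hunk, so the pairing cannot be confirmed from here. I would add a line to the comment such as `* Pairs with the full barrier the waiter issues after adding itself to ctx->wait and before re-checking the tail.`, so a later cleanup of either side does not quietly reintroduce the hang. The enclosing function starts before and continues after the hunk, and the tail store the comment refers to is not visible in it.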