On Thu, Mar 29, 2018 at 03:25:06PM +0100, Al Viro wrote:
> OK. Let's leave that alone for now. Re deferred cancels - AFAICS, we *must*
> remove the sucker from ctx->active_reqs before dropping ->ctx_lock.
>
> As it is, you are creating an io_cancel()/io_cancel() race leading to double
> fput(). It's not that hard to fix; I can do that myself while applying your
> series (as described in previous posting - kiocb_cancel_locked() returning
> NULL or ERR_PTR() in non-deferred case and pointer to aio_kiocb removed from
> ->active_reqs in deferred one) or you could fix it in some other way and
> update your branch.

I think that is the right fix. Let me resend so that I can test the
result first.
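
The race discussed in the message above, as an added userspace model that is not part of the original thread and is not kernel code. The struct names, fields and functions (req, ctx, cancel_lookup, cancel_finish, two_cancels) are hypothetical stand-ins; only the deferred-cancel case is modelled, with two cancellers interleaved deterministically instead of using threads.

```c
/* Constructed userspace model of the io_cancel()/io_cancel() race. */
#include <stddef.h>

struct req { struct req *next; int key; int file_refs; }; /* models aio_kiocb */
struct ctx { struct req *active_reqs; };                  /* models kioctx */

/* Lookup phase of a deferred cancel; models the region under ->ctx_lock.
 * unlink_under_lock = 0 is the racy behaviour, 1 is the described fix. */
static struct req *cancel_lookup(struct ctx *c, int key, int unlink_under_lock)
{
    struct req **pp, *r = NULL;

    /* ctx_lock would be taken here */
    for (pp = &c->active_reqs; *pp; pp = &(*pp)->next) {
        if ((*pp)->key == key) {
            r = *pp;
            if (unlink_under_lock)
                *pp = r->next;   /* a second canceller can no longer find it */
            break;
        }
    }
    /* ctx_lock would be dropped here; the deferred work runs afterwards */
    return r;
}

/* Deferred phase, run without the lock: drop the file reference. */
static void cancel_finish(struct req *r)
{
    if (r)
        r->file_refs--;          /* models fput() */
}

/* Two cancellers both complete lookup before either drops the reference.
 * Returns the final reference count: 0 is correct, -1 is a double put. */
int two_cancels(int unlink_under_lock)
{
    struct req r = { NULL, 42, 1 };
    struct ctx c = { &r };
    struct req *a = cancel_lookup(&c, 42, unlink_under_lock);
    struct req *b = cancel_lookup(&c, 42, unlink_under_lock);

    cancel_finish(a);
    cancel_finish(b);
    return r.file_refs;
}
```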