Fix refcount bug in blkdev and timer kthreads.

The shutdown code in d79d57e and b20e160 had a race condition during
shutdown, due to not owning a reference on the associated task_struct
while the associated threads shut themselves down.

Patch over this by taking an appropriate reference.

Signed-off-by: Justin Husted <sigstop@gmail.com>

diff --git a/linux/blkdev.c b/linux/blkdev.c
index 370f08fc5596e0d877d73de3f82b60885a7f1b7e..19aa88b8e0dcb93315b94e2e8d6db24410904ef6 100644 (file)
--- a/linux/blkdev.c
+++ b/linux/blkdev.c
@@ -281,6 +281,7 @@ static void blkdev_cleanup(void)
 {
        struct task_struct *p = NULL;
        swap(aio_task, p);
+       get_task_struct(p);
 
        atomic_set(&aio_thread_stop, 1);
 
@@ -305,6 +306,8 @@ static void blkdev_cleanup(void)
        ret = kthread_stop(p);
        BUG_ON(ret);
 
+       put_task_struct(p);
+
        close(fds[0]);
        close(fds[1]);
 }

diff --git a/linux/timer.c b/linux/timer.c
index 11a2fd8d2e5489874314a052830ce7fab9d2a3b4..eb93786364eedd6282fa113b3458ecdd8c5bf9b6 100644 (file)
--- a/linux/timer.c
+++ b/linux/timer.c
@@ -312,6 +312,8 @@ static void timers_init(void)
 __attribute__((destructor(103)))
 static void timers_cleanup(void)
 {
+       get_task_struct(timer_task);
+
        pthread_mutex_lock(&timer_lock);
        timer_thread_stop = true;
        pthread_cond_signal(&timer_cond);
@@ -320,5 +322,6 @@ static void timers_cleanup(void)
        int ret = kthread_stop(timer_task);
        BUG_ON(ret);
 
+       put_task_struct(timer_task);
        timer_task = NULL;
 }