Hello, Jann Horn found that aio was depending on the internal RCU grace periods of percpu-ref and that it's broken because aio uses regular RCU while percpu_ref uses sched-RCU.
Depending on percpu_ref's internal grace periods isn't a good idea because * The RCU type might not match. * percpu_ref's grace periods are used to switch to atomic mode. They aren't between the last put and the invocation of the last release. This is easy to get confused about and can lead to subtle bugs. * percpu_ref might not have grace periods at all depending on its current operation mode. This patchset audits all percpu_ref users for their RCU usages, clarifies percpu_ref documentation that the internal grace periods must not be depended upon, and introduces rcu_work to simplify bouncing to a workqueue after an RCU grace period. This patchset contains the following seven patches. 0001-fs-aio-Add-explicit-RCU-grace-period-when-freeing-ki.patch 0002-fs-aio-Use-RCU-accessors-for-kioctx_table-table.patch 0003-RDMAVT-Fix-synchronization-around-percpu_ref.patch 0004-HMM-Remove-superflous-RCU-protection-around-radix-tr.patch 0005-block-Remove-superflous-rcu_read_-un-lock_sched-in-b.patch 0006-percpu_ref-Update-doc-to-dissuade-users-from-dependi.patch 0007-RCU-workqueue-Implement-rcu_work.patch 0001-0003 are fixes and tagged -stable. 0004-0005 remove (seemingly) superflous RCU read lock usages. 0006 updates the doc and 0007 introduces rcu_work. This patchset is also available in the following git tree. git://git.kernel.org/pub/scm/linux/kernel/git/tj/misc.git percpu_ref-rcu-audit diffstat follows. Thanks. block/blk-core.c | 2 - drivers/infiniband/sw/rdmavt/mr.c | 10 ++++--- fs/aio.c | 39 ++++++++++++++++----------- include/linux/cgroup-defs.h | 2 - include/linux/percpu-refcount.h | 18 ++++++++---- include/linux/workqueue.h | 38 ++++++++++++++++++++++++++ kernel/cgroup/cgroup.c | 21 ++++---------- kernel/workqueue.c | 54 ++++++++++++++++++++++++++++++++++++++ lib/percpu-refcount.c | 2 + mm/hmm.c | 12 +------- 10 files changed, 145 insertions(+), 53 deletions(-) -- tejun
