On Mon, Apr 27, 2015 at 08:24:53PM -0700, Davidlohr Bueso wrote:
> +static inline void pipelined_send(struct wake_q_head *wake_q,
> + struct mqueue_inode_info *info,
> struct msg_msg *message,
> struct ext_wait_queue *receiver)
> {
> receiver->msg = message;
> list_del(&receiver->list);
> + wake_q_add(wake_q, receiver->task);
> + /*
> + * Ensure that updating receiver->state is the last
> + * write operation: As once set, the receiver can continue,
> + * and if we don't have the reference count from the wake_q,
> + * yet, at that point we can later have a use-after-free
> + * condition and bogus wakeup.
> + */
> + smp_wmb(); /* pairs with smp_rmb() in wq_sleep */
You have this barrier because we cannot rely on a failed cmpxchg()
actually being a full barrier, right?
> receiver->state = STATE_READY;
> }
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
