| Message ID | 1347887791-13726-5-git-send-email-simon.derr@bull.net (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index baec49a..cdf91da 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -453,12 +453,13 @@ static void p9_write_work(struct work_struct *work) } if (!m->wsize) { + spin_lock(&m->client->lock); if (list_empty(&m->unsent_req_list)) { clear_bit(Wworksched, &m->wsched); + spin_unlock(&m->client->lock); return; } - spin_lock(&m->client->lock); req = list_entry(m->unsent_req_list.next, struct p9_req_t, req_list); req->status = REQ_STATUS_SENT;
Race scenario: thread A thread B p9_write_work() p9_fd_request() if (list_empty(&m->unsent_req_list)) ... spin_lock(&client->lock); req->status = REQ_STATUS_UNSENT; list_add_tail(..., &m->unsent_req_list); spin_unlock(&client->lock); .... if (n & POLLOUT && !test_and_set_bit(Wworksched, &m->wsched) schedule_work(&m->wq); --> not done because Wworksched is set clear_bit(Wworksched, &m->wsched); return; --> nobody will take care of sending the new request. This is not very likely to happen though, because p9_write_work() being called with an empty unsent_req_list is not frequent. But this also means that taking the lock earlier will not be costly. Signed-off-by: Simon Derr <simon.derr@bull.net> --- net/9p/trans_fd.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)