The global bounce buffer used for non-direct memory access is not thread-safe:

 1) Access to "bounce" is not atomic.

 2) Access to "map_client_list" is not atomic.

 3) In dma_blk_cb, there is a race condition between:

        mem = dma_memory_map(dbs->sg->as, cur_addr, &cur_len, dbs->dir);
        /* ... */
        cpu_register_map_client(dbs, continue_after_map_failure);

    Bounce may become available after dma_memory_map failed but before
    cpu_register_map_client is called.

 4) The callback registered by cpu_register_map_client is not called in the
    right AioContext.

This series fixes these issues respectively.

Fam Zheng (4):
  exec: Atomic access to bounce buffer
  exec: Atomic access to map_client_list
  exec: Notify cpu_register_map_client caller if the bounce buffer is
    available
  dma-helpers: Move reschedule_dma BH to blk's AioContext

 dma-helpers.c |  4 +++-
 exec.c        | 35 +++++++++++++++++++----------------
 2 files changed, 22 insertions(+), 17 deletions(-)

-- 
1.9.3
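
The interleaving from item 3, replayed deterministically in one thread, as an added example that is not code from this series or from QEMU. All names (try_map, release_bounce, register_client, replay_interleaving) are hypothetical, and the re-check at registration time is an assumed way of closing the window, shown for illustration.

```c
/* Constructed model, not QEMU code: one bounce buffer, one waiting client. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef void (*map_cb)(void *opaque);
static atomic_bool bounce_in_use;   /* models the single bounce buffer */
static map_cb client_cb;            /* models a one-entry client list */
static void *client_opaque;

/* Claim the buffer; returns false if another request already holds it. */
static bool try_map(void) {
    return !atomic_exchange(&bounce_in_use, true);
}

static void notify_clients(void) {
    map_cb cb = client_cb;
    client_cb = NULL;               /* one-shot: removed before it fires */
    if (cb) cb(client_opaque);
}

/* Release the buffer and wake whoever is registered at that moment. */
static void release_bounce(void) {
    atomic_store(&bounce_in_use, false);
    notify_clients();
}

/* recheck=false: the caller is woken only by a later release_bounce(). */
static void register_client(map_cb cb, void *opaque, bool recheck) {
    client_cb = cb;
    client_opaque = opaque;
    if (recheck && !atomic_load(&bounce_in_use)) notify_clients();
}

static void count_retry(void *opaque) { ++*(int *)opaque; }

/* Returns how many times the waiter was woken; 0 means it is stalled. */
int replay_interleaving(bool recheck) {
    int retries = 0;
    atomic_store(&bounce_in_use, false);
    client_cb = NULL;
    (void)try_map();                /* another request holds the buffer */
    bool mapped = try_map();        /* our map attempt fails */
    release_bounce();               /* holder releases: nobody registered yet */
    if (!mapped) register_client(count_retry, &retries, recheck);
    return retries;
}

int main(void) {
    printf("no recheck: %d wakeups\n", replay_interleaving(false));
    printf("recheck:    %d wakeups\n", replay_interleaving(true));
    return 0;
}
```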