Fix refcount bug in blkdev and timer kthreads.

The shutdown code in d79d57e and b20e160 had a race condition during
shutdown, due to not owning a reference on the associated task_struct
while the associated threads shut themselves down.

Patch over this by taking an appropriate reference.

Signed-off-by: Justin Husted <sigstop@gmail.com>

2 files changed, 6 insertions, 0 deletions

diff --git a/linux/blkdev.c b/linux/blkdev.c
index 370f08fc..19aa88b8 100644
--- a/linux/blkdev.c
+++ b/linux/blkdev.c
@@ -281,6 +281,7 @@ static void blkdev_cleanup(void)
 {
 	struct task_struct *p = NULL;
 	swap(aio_task, p);
+	get_task_struct(p);
 
 	atomic_set(&aio_thread_stop, 1);
 
@@ -305,6 +306,8 @@ static void blkdev_cleanup(void)
 	ret = kthread_stop(p);
 	BUG_ON(ret);
 
+	put_task_struct(p);
+
 	close(fds[0]);
 	close(fds[1]);
 }
diff --git a/linux/timer.c b/linux/timer.c
index 11a2fd8d..eb937863 100644
--- a/linux/timer.c
+++ b/linux/timer.c
@@ -312,6 +312,8 @@ static void timers_init(void)
 __attribute__((destructor(103)))
 static void timers_cleanup(void)
 {
+	get_task_struct(timer_task);
+
 	pthread_mutex_lock(&timer_lock);
 	timer_thread_stop = true;
 	pthread_cond_signal(&timer_cond);
@@ -320,5 +322,6 @@ static void timers_cleanup(void)
 	int ret = kthread_stop(timer_task);
 	BUG_ON(ret);
 
+	put_task_struct(timer_task);
 	timer_task = NULL;
 }