[PATCH AUTOSEL 5.4 1/4] epoll: do not insert into poll queues until all sanity checks are done

From: Sasha Levin
Date: Mon Oct 05 2020 - 10:46:37 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 5.4 3/4] ep_create_wakeup_source(): dentry name can change under you..."
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.19 2/2] drm/amdgpu: prevent double kfree ttm->sg"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 5.4 2/4] drm/amdgpu: prevent double kfree ttm->sg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

[ Upstream commit f8d4f44df056c5b504b0d49683fb7279218fd207 ]

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
fs/eventpoll.c | 37 ++++++++++++++++++-------------------
1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index ae1d32344f7ac..f70df53666ed1 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1527,6 +1527,22 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,
RCU_INIT_POINTER(epi->ws, NULL);
}

+ /* Add the current item to the list of active epoll hook for this file */
+ spin_lock(&tfile->f_lock);
+ list_add_tail_rcu(&epi->fllink, &tfile->f_ep_links);
+ spin_unlock(&tfile->f_lock);
+
+ /*
+ * Add the current item to the RB tree. All RB tree operations are
+ * protected by "mtx", and ep_insert() is called with "mtx" held.
+ */
+ ep_rbtree_insert(ep, epi);
+
+ /* now check if we've created too many backpaths */
+ error = -EINVAL;
+ if (full_check && reverse_path_check())
+ goto error_remove_epi;
+
/* Initialize the poll table using the queue callback */
epq.epi = epi;
init_poll_funcptr(&epq.pt, ep_ptable_queue_proc);
@@ -1549,22 +1565,6 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,
if (epi->nwait < 0)
goto error_unregister;

- /* Add the current item to the list of active epoll hook for this file */
- spin_lock(&tfile->f_lock);
- list_add_tail_rcu(&epi->fllink, &tfile->f_ep_links);
- spin_unlock(&tfile->f_lock);
-
- /*
- * Add the current item to the RB tree. All RB tree operations are
- * protected by "mtx", and ep_insert() is called with "mtx" held.
- */
- ep_rbtree_insert(ep, epi);
-
- /* now check if we've created too many backpaths */
- error = -EINVAL;
- if (full_check && reverse_path_check())
- goto error_remove_epi;
-
/* We have to drop the new item inside our item list to keep track of it */
write_lock_irq(&ep->lock);

@@ -1593,6 +1593,8 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,

return 0;

+error_unregister:
+ ep_unregister_pollwait(ep, epi);
error_remove_epi:
spin_lock(&tfile->f_lock);
list_del_rcu(&epi->fllink);
@@ -1600,9 +1602,6 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,

rb_erase_cached(&epi->rbn, &ep->rbr);

-error_unregister:
- ep_unregister_pollwait(ep, epi);
-
/*
* We need to do this because an event could have been arrived on some
* allocated wait queue. Note that we don't care about the ep->ovflist
--
2.25.1

Next message: Sasha Levin: "[PATCH AUTOSEL 5.4 3/4] ep_create_wakeup_source(): dentry name can change under you..."
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.19 2/2] drm/amdgpu: prevent double kfree ttm->sg"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 5.4 2/4] drm/amdgpu: prevent double kfree ttm->sg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]