[PATCH] fanotify: use killable wait for waiting response for permission events

From: Konstantin Khlebnikov
Date: Mon Aug 20 2018 - 03:09:59 EST


Waiting in uninterruptible state for response from userspace
easily produces deadlocks and hordes of unkillable tasks.

This patch makes this wait killable.

At receiving fatal signal task will remove queued event and die.
If event is already handled then response will be received as usual.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
---
fs/notify/fanotify/fanotify.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index eb4e75175cfb..7a0c37790c89 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -64,7 +64,27 @@ static int fanotify_get_response(struct fsnotify_group *group,

pr_debug("%s: group=%p event=%p\n", __func__, group, event);

- wait_event(group->fanotify_data.access_waitq, event->response);
+ ret = wait_event_killable(group->fanotify_data.access_waitq,
+ event->response);
+ if (ret) {
+ /* Try to remove pending event from the queue */
+ spin_lock(&group->notification_lock);
+ if (!list_empty(&event->fae.fse.list))
+ list_del_init(&event->fae.fse.list);
+ else
+ ret = 0;
+ spin_unlock(&group->notification_lock);
+
+ if (ret)
+ return ret;
+
+ /*
+ * We cannot return, this will destroy event while
+ * process_access_response() fills response.
+ * Just wait for wakeup and continue normal flow.
+ */
+ wait_event(group->fanotify_data.access_waitq, event->response);
+ }

/* userspace responded, convert to something usable */
switch (event->response & ~FAN_AUDIT) {