[2/6] epoll: avoid double-inserts in case of EFAULT

Message ID	1319642765-9333-3-git-send-email-paolo.pisati@canonical.com
State	New
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Paolo Pisati <paolo.pisati@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/6] epoll: avoid double-inserts in case of EFAULT Date: Wed, 26 Oct 2011 17:26:01 +0200 Message-Id: <1319642765-9333-3-git-send-email-paolo.pisati@canonical.com> In-Reply-To: <1319642765-9333-1-git-send-email-paolo.pisati@canonical.com> References: <1319642765-9333-1-git-send-email-paolo.pisati@canonical.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com

Message ID

1319642765-9333-3-git-send-email-paolo.pisati@canonical.com

State

New

Headers

From: Paolo Pisati <paolo.pisati@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/6] epoll: avoid double-inserts in case of EFAULT
Date: Wed, 26 Oct 2011 17:26:01 +0200
Message-Id: <1319642765-9333-3-git-send-email-paolo.pisati@canonical.com>
In-Reply-To: <1319642765-9333-1-git-send-email-paolo.pisati@canonical.com>
References: <1319642765-9333-1-git-send-email-paolo.pisati@canonical.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

Commit Message

Paolo Pisati Oct. 26, 2011, 3:26 p.m. UTC

From: Davide Libenzi <davidel@xmailserver.org>

In commit f337b9c58332bdecde965b436e47ea4c94d30da0 ("epoll: drop
unnecessary test") Thomas found that there is an unnecessary (always
true) test in ep_send_events().  The callback never inserts into
->rdllink while the send loop is performed, and also does the
~EP_PRIVATE_BITS test.  Given we're holding the mutex during this time,
the conditions tested inside the loop are always true.

HOWEVER.

The test "!ep_is_linked(&epi->rdllink)" wasn't there because we insert
into ->rdllink, but because the send-events loop might terminate before
the whole list is scanned (-EFAULT).

In such cases, when the loop terminates early, and when a (leftover)
file received an event while we're performing the lockless loop, we need
such test to avoid to double insert the epoll items.  The list_splice()
done a few steps below, will correctly re-insert the ones that were left
on "txlist".

This should fix the kenrel.org bugzilla entry 11831.

Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 9ce209d64d820a6d5ed6b952e2c0f917faad6031)

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
---
 fs/eventpoll.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 0e73172..d86c0c9 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -953,8 +953,15 @@  errxit:
 	 * inside the main ready-list here.
 	 */
 	for (nepi = ep->ovflist; (epi = nepi) != NULL;
-	     nepi = epi->next, epi->next = EP_UNACTIVE_PTR)
-		list_add_tail(&epi->rdllink, &ep->rdllist);
+	     nepi = epi->next, epi->next = EP_UNACTIVE_PTR) {
+		/*
+		 * If the above loop quit with errors, the epoll item might still
+		 * be linked to "txlist", and the list_splice() done below will
+		 * take care of those cases.
+		 */
+		if (!ep_is_linked(&epi->rdllink))
+			list_add_tail(&epi->rdllink, &ep->rdllist);
+	}
 	/*
 	 * We need to set back ep->ovflist to EP_UNACTIVE_PTR, so that after
 	 * releasing the lock, events will be queued in the normal way inside

[2/6] epoll: avoid double-inserts in case of EFAULT

Commit Message

Patch