From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751706AbdJ1Mw5 (ORCPT ); Sat, 28 Oct 2017 08:52:57 -0400 Received: from szxga05-in.huawei.com ([45.249.212.191]:9539 "EHLO szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751167AbdJ1Mwh (ORCPT ); Sat, 28 Oct 2017 08:52:37 -0400 From: Hou Tao To: CC: , , , , , Subject: [RFC][PATCH 2/8] epoll: remove ep from visited_list when freeing ep Date: Sat, 28 Oct 2017 20:58:21 +0800 Message-ID: <1509195507-29037-3-git-send-email-houtao1@huawei.com> X-Mailer: git-send-email 2.7.5 In-Reply-To: <1509195507-29037-1-git-send-email-houtao1@huawei.com> References: <1509195507-29037-1-git-send-email-houtao1@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.175.124.28] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.59F47D81.0020,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, ip=0.0.0.0, so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: d27b7844a781e26fd3c305d9f8c23aba Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Before the removal of epmutex, the acquisition of epmutex in ep_free() will prevent the freeing of ep, so it's OK to access ep in visited_list in ep_loop_check(). To ensure the validity of ep when clearing visited_list, we need to remove ep from visited_list when freeing ep. If the ep had been added to the visited_list, we need to wait for its removal. Signed-off-by: Hou Tao --- fs/eventpoll.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 26ab0c5..44ea587 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -862,6 +862,18 @@ static void ep_free(struct eventpoll *ep) } mutex_unlock(&ep->mtx); + /* + * ep will not been added to visited_list, because ep_ctrl() + * can not get its reference and can not reference it by the + * corresponding epitem. The only possible operation is list_del_init, + * so it's OK to use list_empty_careful() here. + */ + if (!list_empty_careful(&ep->visited_list_link)) { + mutex_lock(&epmutex); + list_del_init(&ep->visited_list_link); + mutex_unlock(&epmutex); + } + mutex_destroy(&ep->mtx); free_uid(ep->user); wakeup_source_unregister(ep->ws); @@ -1039,6 +1051,7 @@ static int ep_alloc(struct eventpoll **pep) ep->rbr = RB_ROOT_CACHED; ep->ovflist = EP_UNACTIVE_PTR; ep->user = user; + INIT_LIST_HEAD(&ep->visited_list_link); *pep = ep; @@ -1928,7 +1941,7 @@ static int ep_loop_check(struct eventpoll *ep, struct file *file) list_for_each_entry_safe(ep_cur, ep_next, &visited_list, visited_list_link) { ep_cur->visited = 0; - list_del(&ep_cur->visited_list_link); + list_del_init(&ep_cur->visited_list_link); } return ret; } -- 2.7.5