From: Hou Tao
Subject: [RFC][PATCH 4/8] epoll: free eventpoll by rcu to provide existence guarantee
Date: Sat, 28 Oct 2017 20:58:23 +0800
Message-ID: <1509195507-29037-5-git-send-email-houtao1@huawei.com>
In-Reply-To: <1509195507-29037-1-git-send-email-houtao1@huawei.com>
References: <1509195507-29037-1-git-send-email-houtao1@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Before the removal of epmutex, it's OK to access epi->ep in
reverse_path_check_proc(), because the freeing of ep will be
blocked on ep_free().

After the removal of epmutex, when accessing epi->ep in
reverse_path_check_proc(), it's possible that it has been
released because this eventpoll struct belongs to an epoll fd
which also polls the target file.

So free eventpoll by rcu to ensure the accessed fields of
eventpoll are still valid when invoking reverse_path_check_proc().

Signed-off-by: Hou Tao
--- fs/eventpoll.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 998c635..18de596 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c 
@@ -230,6 +230,9 @@ struct eventpoll { /* used to track busy poll napi_id */ unsigned int napi_id; #endif + + /* used to free itself */ + struct rcu_head rcu; }; /* Wait structure used by the poll hooks */ @@ -818,6 +821,12 @@ static int ep_remove(struct eventpoll *ep, struct epitem *epi) return 0; } +static void ep_rcu_free(struct rcu_head *head) +{ + struct eventpoll *ep = container_of(head, struct eventpoll, rcu); + kfree(ep); +} + static void ep_free(struct eventpoll *ep) { struct rb_node *rbp; @@ -877,7 +886,8 @@ static void ep_free(struct eventpoll *ep) mutex_destroy(&ep->mtx); free_uid(ep->user); wakeup_source_unregister(ep->ws); - kfree(ep); + + call_rcu(&ep->rcu, ep_rcu_free); } static int ep_eventpoll_release(struct inode *inode, struct file *file) -- 2.7.5
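
Review bot: The comment on the new rcu member in the @@ -230 hunk ("used to free itself") does not say why the free is deferred. Suggest naming the reader it protects, for example that the RCU-deferred free lets reverse_path_check_proc() dereference epi->ep after ep_free() has run, so a later cleanup does not turn it back into a plain kfree().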
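
Review bot: ep_rcu_free() in the @@ -818 hunk only does container_of() followed by kfree(), which is what kfree_rcu(ep, rcu) already provides; calling that from ep_free() would remove the need for this callback. If the callback stays, add a blank line between the declaration of ep and kfree(ep) to match kernel coding style.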
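
Review bot: In the @@ -877 hunk of ep_free(), mutex_destroy(&ep->mtx), free_uid(ep->user) and wakeup_source_unregister(ep->ws) still run before call_rcu(), so only the struct eventpoll memory itself survives the grace period; ep->mtx, ep->user and ep->ws are already torn down when a late reader looks at ep. The commit message promises that "the accessed fields" stay valid, so please list which fields reverse_path_check_proc() reads and confirm they are plain values stored inside the struct. The reader side is also not visible in this patch: the existence guarantee holds only if epi->ep is dereferenced inside an rcu_read_lock() section, which should be stated in the commit message or shown in the patch that relies on it.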