eventfd/kaio integration fix

Jeff Roberson discovered a race when using kaio eventfd based notifications.
When it occurs it can lead to missed wakeups and hung userspace.

This patch fixes the race by moving the notification inside the spinlocked
section of kaio. The operation is safe since eventfd spinlock and kaio one
are unrelated.

Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Zach Brown <zach.brown@oracle.com>
Cc: Jeff Roberson <jroberson@chesapeake.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Davide Libenzi and committed by Linus Torvalds 8d1c98b0 d479540d

+9 -8
fs/aio.c
··· 936 936 return 1; 937 937 } 938 938 939 - /* 940 - * Check if the user asked us to deliver the result through an 941 - * eventfd. The eventfd_signal() function is safe to be called 942 - * from IRQ context. 943 - */ 944 - if (!IS_ERR(iocb->ki_eventfd)) 945 - eventfd_signal(iocb->ki_eventfd, 1); 946 - 947 939 info = &ctx->ring_info; 948 940 949 941 /* add a completion event to the ring buffer. ··· 984 992 kunmap_atomic(ring, KM_IRQ1); 985 993 986 994 pr_debug("added to ring %p at [%lu]\n", iocb, tail); 995 + 996 + /* 997 + * Check if the user asked us to deliver the result through an 998 + * eventfd. The eventfd_signal() function is safe to be called 999 + * from IRQ context. 1000 + */ 1001 + if (!IS_ERR(iocb->ki_eventfd)) 1002 + eventfd_signal(iocb->ki_eventfd, 1); 1003 + 987 1004 put_rq: 988 1005 /* everything turned out well, dispose of the aiocb. */ 989 1006 ret = __aio_put_req(ctx, iocb);
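Review bot: In the second hunk, the comment moved along with eventfd_signal() still only says the call is safe from IRQ context, and does not record why the call now sits after the ring update, which is the point of the fix. Suggest extending it to state that the signal must follow the addition of the completion event to the ring and stay inside the spinlocked section the commit message describes, and that this is safe because the eventfd spinlock and the kaio one are unrelated, so a later cleanup does not move it back above the ring update. Separately, the call is placed above the put_rq: label, so any path that jumps straight to put_rq skips the notification; worth confirming that this is intended for those paths.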