tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

eventfd/kaio integration fix

Jeff Roberson discovered a race when using kaio eventfd based notifications.
When it occurs it can lead tomissed wakeups and hung userspace.

This patch fixes the race by moving the notification inside the spinlocked
section of kaio. The operation is safe since eventfd spinlock and kaio one
are unrelated.

Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Zach Brown <zach.brown@oracle.com>
Cc: Jeff Roberson <jroberson@chesapeake.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Davide Libenzi and committed by Linus Torvalds 8d1c98b0 d479540d

+9 -8
unified split
+9 -8
fs/aio.c
··· 936 return 1; 937 } 938 939 - /* 940 - * Check if the user asked us to deliver the result through an 941 - * eventfd. The eventfd_signal() function is safe to be called 942 - * from IRQ context. 943 - */ 944 - if (!IS_ERR(iocb->ki_eventfd)) 945 - eventfd_signal(iocb->ki_eventfd, 1); 946 - 947 info = &ctx->ring_info; 948 949 /* add a completion event to the ring buffer. ··· 984 kunmap_atomic(ring, KM_IRQ1); 985 986 pr_debug("added to ring %p at [%lu]\n", iocb, tail); 987 put_rq: 988 /* everything turned out well, dispose of the aiocb. */ 989 ret = __aio_put_req(ctx, iocb);
··· 936 return 1; 937 } 938 939 info = &ctx->ring_info; 940 941 /* add a completion event to the ring buffer. ··· 992 kunmap_atomic(ring, KM_IRQ1); 993 994 pr_debug("added to ring %p at [%lu]\n", iocb, tail); 995 + 996 + /* 997 + * Check if the user asked us to deliver the result through an 998 + * eventfd. The eventfd_signal() function is safe to be called 999 + * from IRQ context. 1000 + */ 1001 + if (!IS_ERR(iocb->ki_eventfd)) 1002 + eventfd_signal(iocb->ki_eventfd, 1); 1003 + 1004 put_rq: 1005 /* everything turned out well, dispose of the aiocb. */ 1006 ret = __aio_put_req(ctx, iocb);