lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1509195507-29037-3-git-send-email-houtao1@huawei.com> Date: Sat, 28 Oct 2017 20:58:21 +0800 From: Hou Tao <houtao1@...wei.com> To: <linux-fsdevel@...r.kernel.org> CC: <linux-kernel@...r.kernel.org>, <viro@...iv.linux.org.uk>, <jbaron@...mai.com>, <oleg@...hat.com>, <dave@...olabs.net>, <koct9i@...il.com> Subject: [RFC][PATCH 2/8] epoll: remove ep from visited_list when freeing ep Before the removal of epmutex, the acquisition of epmutex in ep_free() will prevent the freeing of ep, so it's OK to access ep in visited_list in ep_loop_check(). To ensure the validity of ep when clearing visited_list, we need to remove ep from visited_list when freeing ep. If the ep had been added to the visited_list, we need to wait for its removal. Signed-off-by: Hou Tao <houtao1@...wei.com> --- fs/eventpoll.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 26ab0c5..44ea587 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -862,6 +862,18 @@ static void ep_free(struct eventpoll *ep) } mutex_unlock(&ep->mtx); + /* + * ep will not been added to visited_list, because ep_ctrl() + * can not get its reference and can not reference it by the + * corresponding epitem. The only possible operation is list_del_init, + * so it's OK to use list_empty_careful() here. + */ + if (!list_empty_careful(&ep->visited_list_link)) { + mutex_lock(&epmutex); + list_del_init(&ep->visited_list_link); + mutex_unlock(&epmutex); + } + mutex_destroy(&ep->mtx); free_uid(ep->user); wakeup_source_unregister(ep->ws); @@ -1039,6 +1051,7 @@ static int ep_alloc(struct eventpoll **pep) ep->rbr = RB_ROOT_CACHED; ep->ovflist = EP_UNACTIVE_PTR; ep->user = user; + INIT_LIST_HEAD(&ep->visited_list_link); *pep = ep; @@ -1928,7 +1941,7 @@ static int ep_loop_check(struct eventpoll *ep, struct file *file) list_for_each_entry_safe(ep_cur, ep_next, &visited_list, visited_list_link) { ep_cur->visited = 0; - list_del(&ep_cur->visited_list_link); + list_del_init(&ep_cur->visited_list_link); } return ret; } -- 2.7.5
Powered by blists - more mailing lists