lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1509195507-29037-3-git-send-email-houtao1@huawei.com>
Date:   Sat, 28 Oct 2017 20:58:21 +0800
From:   Hou Tao <houtao1@...wei.com>
To:     <linux-fsdevel@...r.kernel.org>
CC:     <linux-kernel@...r.kernel.org>, <viro@...iv.linux.org.uk>,
        <jbaron@...mai.com>, <oleg@...hat.com>, <dave@...olabs.net>,
        <koct9i@...il.com>
Subject: [RFC][PATCH 2/8] epoll: remove ep from visited_list when freeing ep

Before the removal of epmutex, the acquisition of epmutex in
ep_free() will prevent the freeing of ep, so it's OK to access
ep in visited_list in ep_loop_check().

To ensure the validity of ep when clearing visited_list, we need
to remove ep from visited_list when freeing ep. If the ep had been
added to the visited_list, we need to wait for its removal.

Signed-off-by: Hou Tao <houtao1@...wei.com>
---
 fs/eventpoll.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 26ab0c5..44ea587 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -862,6 +862,18 @@ static void ep_free(struct eventpoll *ep)
 	}
 	mutex_unlock(&ep->mtx);
 
+	/*
+	 * ep will not been added to visited_list, because ep_ctrl()
+	 * can not get its reference and can not reference it by the
+	 * corresponding epitem. The only possible operation is list_del_init,
+	 * so it's OK to use list_empty_careful() here.
+	 */
+	if (!list_empty_careful(&ep->visited_list_link)) {
+		mutex_lock(&epmutex);
+		list_del_init(&ep->visited_list_link);
+		mutex_unlock(&epmutex);
+	}
+
 	mutex_destroy(&ep->mtx);
 	free_uid(ep->user);
 	wakeup_source_unregister(ep->ws);
@@ -1039,6 +1051,7 @@ static int ep_alloc(struct eventpoll **pep)
 	ep->rbr = RB_ROOT_CACHED;
 	ep->ovflist = EP_UNACTIVE_PTR;
 	ep->user = user;
+	INIT_LIST_HEAD(&ep->visited_list_link);
 
 	*pep = ep;
 
@@ -1928,7 +1941,7 @@ static int ep_loop_check(struct eventpoll *ep, struct file *file)
 	list_for_each_entry_safe(ep_cur, ep_next, &visited_list,
 							visited_list_link) {
 		ep_cur->visited = 0;
-		list_del(&ep_cur->visited_list_link);
+		list_del_init(&ep_cur->visited_list_link);
 	}
 	return ret;
 }
-- 
2.7.5

Powered by blists - more mailing lists