Commit 8d1c98b0b5c0148b519c6416e689ef6a89ffcea3
Committed by
Linus Torvalds
Linus Torvalds
1 parent
d479540dba
Exists in
master
and in
7 other branches
eventfd/kaio integration fix
Jeff Roberson discovered a race when using kaio eventfd based notifications. When it occurs it can lead tomissed wakeups and hung userspace. This patch fixes the race by moving the notification inside the spinlocked section of kaio. The operation is safe since eventfd spinlock and kaio one are unrelated. Signed-off-by: Davide Libenzi <davidel@xmailserver.org> Cc: Zach Brown <zach.brown@oracle.com> Cc: Jeff Roberson <jroberson@chesapeake.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 9 additions and 8 deletions Side-by-side Diff
fs/aio.c
| ... | ... | @@ -936,14 +936,6 @@ |
| 936 | 936 | return 1; |
| 937 | 937 | } |
| 938 | 938 | |
| 939 | - /* | |
| 940 | - * Check if the user asked us to deliver the result through an | |
| 941 | - * eventfd. The eventfd_signal() function is safe to be called | |
| 942 | - * from IRQ context. | |
| 943 | - */ | |
| 944 | - if (!IS_ERR(iocb->ki_eventfd)) | |
| 945 | - eventfd_signal(iocb->ki_eventfd, 1); | |
| 946 | - | |
| 947 | 939 | info = &ctx->ring_info; |
| 948 | 940 | |
| 949 | 941 | /* add a completion event to the ring buffer. |
| ... | ... | @@ -992,6 +984,15 @@ |
| 992 | 984 | kunmap_atomic(ring, KM_IRQ1); |
| 993 | 985 | |
| 994 | 986 | pr_debug("added to ring %p at [%lu]\n", iocb, tail); |
| 987 | + | |
| 988 | + /* | |
| 989 | + * Check if the user asked us to deliver the result through an | |
| 990 | + * eventfd. The eventfd_signal() function is safe to be called | |
| 991 | + * from IRQ context. | |
| 992 | + */ | |
| 993 | + if (!IS_ERR(iocb->ki_eventfd)) | |
| 994 | + eventfd_signal(iocb->ki_eventfd, 1); | |
| 995 | + | |
| 995 | 996 | put_rq: |
| 996 | 997 | /* everything turned out well, dispose of the aiocb. */ |
| 997 | 998 | ret = __aio_put_req(ctx, iocb); |