epoll: annotate racy check Epoll relies on a racy fastpath check during __fput() in eventpoll_release() to avoid the hit of pointlessly acquiring a semaphore. Annotate that race by using WRITE_ONCE() and READ_ONCE(). Link: https://lore.kernel.org/r/[email protected] Link: https://lore.kernel.org/r/20240925-fungieren-anbauen-79b334b00542@brauner Reviewed-by: Jan Kara <[email protected]> Reported-by: [email protected] Signed-off-by: Christian Brauner <[email protected]>

commit: 6474353a5e3d0b2cf610153cea0c61f576a36d0a [log] [tgz]
author: Christian Brauner <[email protected]> Wed Sep 25 11:05:16 2024 +0200
committer: Christian Brauner <[email protected]> Tue Oct 22 11:16:56 2024 +0200
tree: 1395d4b47fa1aaf0b08141610ec97a7c2c3f0d57
parent: 05fba0a11557dfdc1b6895f4a3fb59165669e643 [diff] [blame]
diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 1ae4542..90fbab6 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c

@@ -823,7 +823,8 @@ static bool __ep_remove(struct eventpoll *ep, struct epitem *epi, bool force)
 	to_free = NULL;
 	head = file->f_ep;
 	if (head->first == &epi->fllink && !epi->fllink.next) {
-		file->f_ep = NULL;
+		/* See eventpoll_release() for details. */
+		WRITE_ONCE(file->f_ep, NULL);
 		if (!is_file_epoll(file)) {
 			struct epitems_head *v;
 			v = container_of(head, struct epitems_head, epitems);
@@ -1603,7 +1604,8 @@ static int attach_epitem(struct file *file, struct epitem *epi)
 			spin_unlock(&file->f_lock);
 			goto allocate;
 		}
-		file->f_ep = head;
+		/* See eventpoll_release() for details. */
+		WRITE_ONCE(file->f_ep, head);
 		to_free = NULL;
 	}
 	hlist_add_head_rcu(&epi->fllink, file->f_ep);
commit	6474353a5e3d0b2cf610153cea0c61f576a36d0a	[log] [tgz]
author	Christian Brauner <[email protected]>	Wed Sep 25 11:05:16 2024 +0200
committer	Christian Brauner <[email protected]>	Tue Oct 22 11:16:56 2024 +0200
tree	1395d4b47fa1aaf0b08141610ec97a7c2c3f0d57
parent	05fba0a11557dfdc1b6895f4a3fb59165669e643 [diff] [blame]