diff options
author | Davide Libenzi <davidel@xmailserver.org> | 2007-05-18 15:02:33 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-05-18 16:09:34 -0400 |
commit | d48eb2331595224ffe89665e79721d44b40bb047 (patch) | |
tree | b4e398ec71e0775a441329b60cb0771c43e92c54 | |
parent | 347b4599dd6ffef27e18c227532d1ec66556000b (diff) |
eventfd use waitqueue lock ...
The eventfd was using the unlocked waitqueue operations, but it was
using a different lock, so poll_wait() would race with it.
This makes eventfd directly use the waitqueue lock.
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/eventfd.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/fs/eventfd.c b/fs/eventfd.c index 480e2b3c4166..2ce19c000d2a 100644 --- a/fs/eventfd.c +++ b/fs/eventfd.c | |||
@@ -17,7 +17,6 @@ | |||
17 | #include <linux/eventfd.h> | 17 | #include <linux/eventfd.h> |
18 | 18 | ||
19 | struct eventfd_ctx { | 19 | struct eventfd_ctx { |
20 | spinlock_t lock; | ||
21 | wait_queue_head_t wqh; | 20 | wait_queue_head_t wqh; |
22 | /* | 21 | /* |
23 | * Every time that a write(2) is performed on an eventfd, the | 22 | * Every time that a write(2) is performed on an eventfd, the |
@@ -45,13 +44,13 @@ int eventfd_signal(struct file *file, int n) | |||
45 | 44 | ||
46 | if (n < 0) | 45 | if (n < 0) |
47 | return -EINVAL; | 46 | return -EINVAL; |
48 | spin_lock_irqsave(&ctx->lock, flags); | 47 | spin_lock_irqsave(&ctx->wqh.lock, flags); |
49 | if (ULLONG_MAX - ctx->count < n) | 48 | if (ULLONG_MAX - ctx->count < n) |
50 | n = (int) (ULLONG_MAX - ctx->count); | 49 | n = (int) (ULLONG_MAX - ctx->count); |
51 | ctx->count += n; | 50 | ctx->count += n; |
52 | if (waitqueue_active(&ctx->wqh)) | 51 | if (waitqueue_active(&ctx->wqh)) |
53 | wake_up_locked(&ctx->wqh); | 52 | wake_up_locked(&ctx->wqh); |
54 | spin_unlock_irqrestore(&ctx->lock, flags); | 53 | spin_unlock_irqrestore(&ctx->wqh.lock, flags); |
55 | 54 | ||
56 | return n; | 55 | return n; |
57 | } | 56 | } |
@@ -70,14 +69,14 @@ static unsigned int eventfd_poll(struct file *file, poll_table *wait) | |||
70 | 69 | ||
71 | poll_wait(file, &ctx->wqh, wait); | 70 | poll_wait(file, &ctx->wqh, wait); |
72 | 71 | ||
73 | spin_lock_irqsave(&ctx->lock, flags); | 72 | spin_lock_irqsave(&ctx->wqh.lock, flags); |
74 | if (ctx->count > 0) | 73 | if (ctx->count > 0) |
75 | events |= POLLIN; | 74 | events |= POLLIN; |
76 | if (ctx->count == ULLONG_MAX) | 75 | if (ctx->count == ULLONG_MAX) |
77 | events |= POLLERR; | 76 | events |= POLLERR; |
78 | if (ULLONG_MAX - 1 > ctx->count) | 77 | if (ULLONG_MAX - 1 > ctx->count) |
79 | events |= POLLOUT; | 78 | events |= POLLOUT; |
80 | spin_unlock_irqrestore(&ctx->lock, flags); | 79 | spin_unlock_irqrestore(&ctx->wqh.lock, flags); |
81 | 80 | ||
82 | return events; | 81 | return events; |
83 | } | 82 | } |
@@ -92,7 +91,7 @@ static ssize_t eventfd_read(struct file *file, char __user *buf, size_t count, | |||
92 | 91 | ||
93 | if (count < sizeof(ucnt)) | 92 | if (count < sizeof(ucnt)) |
94 | return -EINVAL; | 93 | return -EINVAL; |
95 | spin_lock_irq(&ctx->lock); | 94 | spin_lock_irq(&ctx->wqh.lock); |
96 | res = -EAGAIN; | 95 | res = -EAGAIN; |
97 | ucnt = ctx->count; | 96 | ucnt = ctx->count; |
98 | if (ucnt > 0) | 97 | if (ucnt > 0) |
@@ -110,9 +109,9 @@ static ssize_t eventfd_read(struct file *file, char __user *buf, size_t count, | |||
110 | res = -ERESTARTSYS; | 109 | res = -ERESTARTSYS; |
111 | break; | 110 | break; |
112 | } | 111 | } |
113 | spin_unlock_irq(&ctx->lock); | 112 | spin_unlock_irq(&ctx->wqh.lock); |
114 | schedule(); | 113 | schedule(); |
115 | spin_lock_irq(&ctx->lock); | 114 | spin_lock_irq(&ctx->wqh.lock); |
116 | } | 115 | } |
117 | __remove_wait_queue(&ctx->wqh, &wait); | 116 | __remove_wait_queue(&ctx->wqh, &wait); |
118 | __set_current_state(TASK_RUNNING); | 117 | __set_current_state(TASK_RUNNING); |
@@ -122,7 +121,7 @@ static ssize_t eventfd_read(struct file *file, char __user *buf, size_t count, | |||
122 | if (waitqueue_active(&ctx->wqh)) | 121 | if (waitqueue_active(&ctx->wqh)) |
123 | wake_up_locked(&ctx->wqh); | 122 | wake_up_locked(&ctx->wqh); |
124 | } | 123 | } |
125 | spin_unlock_irq(&ctx->lock); | 124 | spin_unlock_irq(&ctx->wqh.lock); |
126 | if (res > 0 && put_user(ucnt, (__u64 __user *) buf)) | 125 | if (res > 0 && put_user(ucnt, (__u64 __user *) buf)) |
127 | return -EFAULT; | 126 | return -EFAULT; |
128 | 127 | ||
@@ -143,7 +142,7 @@ static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t c | |||
143 | return -EFAULT; | 142 | return -EFAULT; |
144 | if (ucnt == ULLONG_MAX) | 143 | if (ucnt == ULLONG_MAX) |
145 | return -EINVAL; | 144 | return -EINVAL; |
146 | spin_lock_irq(&ctx->lock); | 145 | spin_lock_irq(&ctx->wqh.lock); |
147 | res = -EAGAIN; | 146 | res = -EAGAIN; |
148 | if (ULLONG_MAX - ctx->count > ucnt) | 147 | if (ULLONG_MAX - ctx->count > ucnt) |
149 | res = sizeof(ucnt); | 148 | res = sizeof(ucnt); |
@@ -159,9 +158,9 @@ static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t c | |||
159 | res = -ERESTARTSYS; | 158 | res = -ERESTARTSYS; |
160 | break; | 159 | break; |
161 | } | 160 | } |
162 | spin_unlock_irq(&ctx->lock); | 161 | spin_unlock_irq(&ctx->wqh.lock); |
163 | schedule(); | 162 | schedule(); |
164 | spin_lock_irq(&ctx->lock); | 163 | spin_lock_irq(&ctx->wqh.lock); |
165 | } | 164 | } |
166 | __remove_wait_queue(&ctx->wqh, &wait); | 165 | __remove_wait_queue(&ctx->wqh, &wait); |
167 | __set_current_state(TASK_RUNNING); | 166 | __set_current_state(TASK_RUNNING); |
@@ -171,7 +170,7 @@ static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t c | |||
171 | if (waitqueue_active(&ctx->wqh)) | 170 | if (waitqueue_active(&ctx->wqh)) |
172 | wake_up_locked(&ctx->wqh); | 171 | wake_up_locked(&ctx->wqh); |
173 | } | 172 | } |
174 | spin_unlock_irq(&ctx->lock); | 173 | spin_unlock_irq(&ctx->wqh.lock); |
175 | 174 | ||
176 | return res; | 175 | return res; |
177 | } | 176 | } |
@@ -210,7 +209,6 @@ asmlinkage long sys_eventfd(unsigned int count) | |||
210 | return -ENOMEM; | 209 | return -ENOMEM; |
211 | 210 | ||
212 | init_waitqueue_head(&ctx->wqh); | 211 | init_waitqueue_head(&ctx->wqh); |
213 | spin_lock_init(&ctx->lock); | ||
214 | ctx->count = count; | 212 | ctx->count = count; |
215 | 213 | ||
216 | /* | 214 | /* |