From patchwork Tue Jun 16 02:30:02 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Haskins X-Patchwork-Id: 30455 Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n5G2UIpO023452 for ; Tue, 16 Jun 2009 02:30:18 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751428AbZFPCaN (ORCPT ); Mon, 15 Jun 2009 22:30:13 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1761960AbZFPCaM (ORCPT ); Mon, 15 Jun 2009 22:30:12 -0400 Received: from victor.provo.novell.com ([137.65.250.26]:55616 "EHLO victor.provo.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1763100AbZFPCaK (ORCPT ); Mon, 15 Jun 2009 22:30:10 -0400 Received: from dev.haskins.net (prv-ext-foundry1.gns.novell.com [137.65.251.240]) by victor.provo.novell.com with ESMTP (TLS encrypted); Mon, 15 Jun 2009 20:30:03 -0600 Received: from dev.haskins.net (localhost [127.0.0.1]) by dev.haskins.net (Postfix) with ESMTP id 42F3E4641F6; Mon, 15 Jun 2009 22:30:02 -0400 (EDT) From: Gregory Haskins Subject: [KVM-RFC PATCH 2/2] eventfd: add module reference counting support for registered notifiers To: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, avi@redhat.com, mst@redhat.com, davidel@xmailserver.org, paulmck@linux.vnet.ibm.com Date: Mon, 15 Jun 2009 22:30:02 -0400 Message-ID: <20090616023001.23890.10136.stgit@dev.haskins.net> In-Reply-To: <20090616022041.23890.90120.stgit@dev.haskins.net> References: <20090616022041.23890.90120.stgit@dev.haskins.net> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Michael Tsirkin found a race condition in the irqfd code where we may allow the underlying eventfd object to race with the rmmod of kvm.ko. Since we now use eventfd_notifier for irqfd, lets add a struct module *owner field to properly maintain references to our registered signal handlers. Found-by: Michael S. Tsirkin CC: Davide Libenzi Signed-off-by: Gregory Haskins --- fs/eventfd.c | 8 ++++++++ include/linux/eventfd.h | 3 +++ 2 files changed, 11 insertions(+), 0 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/eventfd.c b/fs/eventfd.c index 505d5de..babedb3 100644 --- a/fs/eventfd.c +++ b/fs/eventfd.c @@ -108,9 +108,12 @@ static int eventfd_release(struct inode *inode, struct file *file) * path */ list_for_each_entry_safe(en, tmp, &ctx->nh, list) { + struct module *owner = en->owner; + list_del(&en->list); if (en->ops->release) en->ops->release(en); + module_put(owner); } synchronize_srcu(&ctx->srcu); @@ -261,6 +264,9 @@ static int _eventfd_notifier_register(struct eventfd_ctx *ctx, { unsigned long flags; + if (!try_module_get(en->owner)) + return -EINVAL; + spin_lock_irqsave(&ctx->wqh.lock, flags); list_add_tail_rcu(&en->list, &ctx->nh); spin_unlock_irqrestore(&ctx->wqh.lock, flags); @@ -292,6 +298,8 @@ int eventfd_notifier_unregister(struct file *file, struct eventfd_notifier *en) synchronize_srcu(&ctx->srcu); + module_put(en->owner); + return 0; } EXPORT_SYMBOL_GPL(eventfd_notifier_unregister); diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h index 0218cf6..f534bcd 100644 --- a/include/linux/eventfd.h +++ b/include/linux/eventfd.h @@ -9,6 +9,7 @@ #define _LINUX_EVENTFD_H #include +#include struct eventfd_notifier; @@ -18,6 +19,7 @@ struct eventfd_notifier_ops { }; struct eventfd_notifier { + struct module *owner; struct list_head list; const struct eventfd_notifier_ops *ops; }; @@ -26,6 +28,7 @@ static inline void eventfd_notifier_init(struct eventfd_notifier *en, const struct eventfd_notifier_ops *ops) { memset(en, 0, sizeof(*en)); + en->owner = THIS_MODULE; INIT_LIST_HEAD(&en->list); en->ops = ops; }