epoll: do not insert into poll queues until all sanity checks are done
commit f8d4f44df0 upstream.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
5.4-rM2-2.2.x-imx-squashed
Al Viro
Greg Kroah-Hartman
parent
8db44b30d3
commit
8993da3d4d
|
|
@ -1527,6 +1527,22 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,
|
|||
RCU_INIT_POINTER(epi->ws, NULL);
|
||||
}
|
||||
|
||||
/* Add the current item to the list of active epoll hook for this file */
|
||||
spin_lock(&tfile->f_lock);
|
||||
list_add_tail_rcu(&epi->fllink, &tfile->f_ep_links);
|
||||
spin_unlock(&tfile->f_lock);
|
||||
|
||||
/*
|
||||
* Add the current item to the RB tree. All RB tree operations are
|
||||
* protected by "mtx", and ep_insert() is called with "mtx" held.
|
||||
*/
|
||||
ep_rbtree_insert(ep, epi);
|
||||
|
||||
/* now check if we've created too many backpaths */
|
||||
error = -EINVAL;
|
||||
if (full_check && reverse_path_check())
|
||||
goto error_remove_epi;
|
||||
|
||||
/* Initialize the poll table using the queue callback */
|
||||
epq.epi = epi;
|
||||
init_poll_funcptr(&epq.pt, ep_ptable_queue_proc);
|
||||
|
|
@ -1549,22 +1565,6 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,
|
|||
if (epi->nwait < 0)
|
||||
goto error_unregister;
|
||||
|
||||
/* Add the current item to the list of active epoll hook for this file */
|
||||
spin_lock(&tfile->f_lock);
|
||||
list_add_tail_rcu(&epi->fllink, &tfile->f_ep_links);
|
||||
spin_unlock(&tfile->f_lock);
|
||||
|
||||
/*
|
||||
* Add the current item to the RB tree. All RB tree operations are
|
||||
* protected by "mtx", and ep_insert() is called with "mtx" held.
|
||||
*/
|
||||
ep_rbtree_insert(ep, epi);
|
||||
|
||||
/* now check if we've created too many backpaths */
|
||||
error = -EINVAL;
|
||||
if (full_check && reverse_path_check())
|
||||
goto error_remove_epi;
|
||||
|
||||
/* We have to drop the new item inside our item list to keep track of it */
|
||||
write_lock_irq(&ep->lock);
|
||||
|
||||
|
|
@ -1593,6 +1593,8 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event,
|
|||
|
||||
return 0;
|
||||
|
||||
error_unregister:
|
||||
ep_unregister_pollwait(ep, epi);
|
||||
error_remove_epi:
|
||||
spin_lock(&tfile->f_lock);
|
||||
list_del_rcu(&epi->fllink);
|
||||
|
|
@ -1600,9 +1602,6 @@ error_remove_epi:
|
|||
|
||||
rb_erase_cached(&epi->rbn, &ep->rbr);
|
||||
|
||||
error_unregister:
|
||||
ep_unregister_pollwait(ep, epi);
|
||||
|
||||
/*
|
||||
* We need to do this because an event could have been arrived on some
|
||||
* allocated wait queue. Note that we don't care about the ep->ovflist
|
||||
|
|
|
|||
Loading…
Reference in New Issue