[KVM PATCH 4/4] eventfd: add module reference counting support for registered notifiers

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gregory Haskins <ghaskins@novell.com>
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, davidel@xmailserver.org,
	mingo@elte.hu, mst@redhat.com, avi@redhat.com,
	paulmck@linux.vnet.ibm.com, rusty@rustcorp.com.au
Subject: [KVM PATCH 4/4] eventfd: add module reference counting support for registered notifiers
Date: Thu, 18 Jun 2009 13:44:32 -0400	[thread overview]
Message-ID: <20090618174431.24119.86543.stgit@dev.haskins.net> (raw)
In-Reply-To: <20090618173534.24119.95115.stgit@dev.haskins.net>

Michael Tsirkin found a race condition in the irqfd code where we may
allow the underlying eventfd object to race with the rmmod of kvm.ko.

Since we now use eventfd_notifier for irqfd, lets add a struct module *owner
field to properly maintain references to our registered signal handlers.

Found-by: Michael S. Tsirkin <mst@redhat.com>
CC: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Gregory Haskins <ghaskins@novell.com>
---

 fs/eventfd.c            |    8 ++++++++
 include/linux/eventfd.h |    3 +++
 2 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/fs/eventfd.c b/fs/eventfd.c
index f9d7e1d..4a073ee 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -260,6 +260,8 @@ static int eventfd_notifier_wakeup(wait_queue_t *wait, unsigned mode,
 		en->ops->signal(en);
 
 	if (flags & POLLHUP) {
+		struct module *owner = en->owner;
+
 		/*
 		 * The POLLHUP is called unlocked, so it theoretically should
 		 * be safe to remove ourselves from the wqh using the locked
@@ -267,6 +269,8 @@ static int eventfd_notifier_wakeup(wait_queue_t *wait, unsigned mode,
 		 */
 		remove_wait_queue(en->wqh, &en->wait);
 		en->ops->release(en);
+
+		module_put(owner);
 	}
 
 	return 0;
@@ -291,6 +295,9 @@ int eventfd_notifier_register(struct file *file, struct eventfd_notifier *en)
 	if (file->f_op != &eventfd_fops)
 		return -EINVAL;
 
+	if (!try_module_get(en->owner))
+		return -EINVAL;
+
 	/*
 	 * Install our own custom wake-up handling so we are notified via
 	 * a callback whenever someone signals the underlying eventfd
@@ -310,6 +317,7 @@ int eventfd_notifier_unregister(struct file *file, struct eventfd_notifier *en)
 		return -EINVAL;
 
 	remove_wait_queue(en->wqh, &en->wait);
+	module_put(en->owner);
 
 	return 0;
 }
diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h
index 802b59d..7e015f0 100644
--- a/include/linux/eventfd.h
+++ b/include/linux/eventfd.h
@@ -12,6 +12,7 @@
 #include <linux/poll.h>
 #include <linux/file.h>
 #include <linux/list.h>
+#include <linux/module.h>
 
 struct eventfd_notifier;
 
@@ -21,6 +22,7 @@ struct eventfd_notifier_ops {
 };
 
 struct eventfd_notifier {
+	struct module                     *owner;
 	poll_table                         pt;
 	wait_queue_head_t                 *wqh;
 	wait_queue_t                       wait;
@@ -31,6 +33,7 @@ static inline void eventfd_notifier_init(struct eventfd_notifier *en,
 					 const struct eventfd_notifier_ops *ops)
 {
 	memset(en, 0, sizeof(*en));
+	en->owner = THIS_MODULE;
 	en->ops = ops;
 }

next prev parent reply	other threads:[~2009-06-18 17:45 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-06-18 17:44 [KVM PATCH 0/4] irqfd fixes/enhancements Gregory Haskins
2009-06-18 17:44 ` [KVM PATCH 1/4] KVM: update inaccurate irqfd comment Gregory Haskins
2009-06-18 17:44 ` [KVM PATCH 2/4] KVM: fix irqfd error checking Gregory Haskins
2009-06-18 17:44 ` [KVM PATCH 3/4] eventfd: add generalized notifier interface Gregory Haskins
2009-06-18 17:45   ` Davide Libenzi
2009-06-18 18:46     ` Gregory Haskins
2009-06-18 18:48     ` Gregory Haskins
2009-06-18 17:44 ` Gregory Haskins [this message]
2009-06-21 12:56 ` [KVM PATCH 0/4] irqfd fixes/enhancements Avi Kivity

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f9d7e1d dfblob:4a073ee dfblob:802b59d dfblob:7e015f0 )
 OR (
bs:"[KVM PATCH 4/4] eventfd: add module reference counting support for registered notifiers" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090618174431.24119.86543.stgit@dev.haskins.net \
    --to=ghaskins@novell.com \
    --cc=avi@redhat.com \
    --cc=davidel@xmailserver.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=mst@redhat.com \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=rusty@rustcorp.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.