Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 900e0bbe authored by Al Viro's avatar Al Viro Committed by Bharath
Browse files

epoll: do not insert into poll queues until all sanity checks are done 



Issue: FP3SEC-211
Change-Id: Ic72328e7ef18af5f0b6414d1097a9096431a9ecc
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit f8d4f44df056c5b504b0d49683fb7279218fd207)
(cherry picked from commit c05f972c)
(cherry picked from commit 5228dc4b2f2ed54602cff14e73280e881940ec98)
parent b73423f7

fs/eventpoll.c

+18 −19
Original line number Diff line number Diff line
@@ -1333,6 +1333,22 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, 
		RCU_INIT_POINTER(epi->ws, NULL);

	}



	/* Add the current item to the list of active epoll hook for this file */

	spin_lock(&tfile->f_lock);

	list_add_tail_rcu(&epi->fllink, &tfile->f_ep_links);

	spin_unlock(&tfile->f_lock);



	/*

	 * Add the current item to the RB tree. All RB tree operations are

	 * protected by "mtx", and ep_insert() is called with "mtx" held.

	 */

	ep_rbtree_insert(ep, epi);



	/* now check if we've created too many backpaths */

	error = -EINVAL;

	if (full_check && reverse_path_check())

		goto error_remove_epi;



	/* Initialize the poll table using the queue callback */

	epq.epi = epi;

	init_poll_funcptr(&epq.pt, ep_ptable_queue_proc);
@@ -1355,22 +1371,6 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, 
	if (epi->nwait < 0)

		goto error_unregister;



	/* Add the current item to the list of active epoll hook for this file */

	spin_lock(&tfile->f_lock);

	list_add_tail_rcu(&epi->fllink, &tfile->f_ep_links);

	spin_unlock(&tfile->f_lock);



	/*

	 * Add the current item to the RB tree. All RB tree operations are

	 * protected by "mtx", and ep_insert() is called with "mtx" held.

	 */

	ep_rbtree_insert(ep, epi);



	/* now check if we've created too many backpaths */

	error = -EINVAL;

	if (full_check && reverse_path_check())

		goto error_remove_epi;



	/* We have to drop the new item inside our item list to keep track of it */

	spin_lock_irqsave(&ep->lock, flags);
@@ -1396,6 +1396,8 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, 


	return 0;



error_unregister:

	ep_unregister_pollwait(ep, epi);

error_remove_epi:

	spin_lock(&tfile->f_lock);

	list_del_rcu(&epi->fllink);
@@ -1403,9 +1405,6 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, 


	rb_erase(&epi->rbn, &ep->rbr);



error_unregister:

	ep_unregister_pollwait(ep, epi);



	/*

	 * We need to do this because an event could have been arrived on some

	 * allocated wait queue. Note that we don't care about the ep->ovflist