From 2d9e350d920bd30a83820ac9e50e194a5c233d57 Mon Sep 17 00:00:00 2001
From: Al Viro
Date: Sat, 9 Mar 2019 15:28:51 +0800
Subject: [PATCH] aio_poll_wake(): don't set ->woken if we ignore the wakeup
euler inclusion
category: bugfix
bugzilla: 10679
CVE: NA
---------------------------
In case of early wakeups, aio_poll() assumes that aio_poll_complete() has either already happened or is imminent. In that case we do not want to put iocb on the list of cancellables. However, ignored wakeups need to be treated as if wakeup has not happened at all. Trivially fixed by having aio_poll_wake() set ->woken only after it's committed to taking iocb out of the waitqueue.
Link: https://patchwork.kernel.org/patch/10842107/
Suggested-by: zhengbin
Signed-off-by: Al Viro
Signed-off-by: zhengbin
Reviewed-by: zhangyi (F)
Signed-off-by: Yang Yingliang
---
fs/aio.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index e5f1f2ba9d14..8e624e3a7be9 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1662,13 +1662,13 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll); __poll_t mask = key_to_poll(key); + /* for instances that support it check for an event match first: */ + if (mask && !(mask & req->events)) + return 0; + req->woken = true; - /* for instances that support it check for an event match first: */ if (mask) { - if (!(mask & req->events)) - return 0; - /* try to complete the iocb inline if we can: */ if (spin_trylock(&iocb->ki_ctx->ctx_lock)) { list_del(&iocb->ki_list);
-- GitLab
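Review bot: The reason `req->woken = true` must come after the event-mask filter is recorded only in the commit message, not beside the store, so a later cleanup could hoist it back above the early `return 0`. A comment on the store would pin the invariant, for example `/* set only once we are committed to dequeuing: an ignored wakeup must leave the iocb eligible for the cancel list */`. Per the description, aio_poll() uses ->woken to decide whether to put the iocb on the list of cancellables, so a stale `true` after an ignored wakeup would leave a pending request that cancellation cannot reach. Which lock orders this store against that read is not visible in the hunk and would be worth naming in the same comment. The body of aio_poll_wake() starts before and continues past the hunk.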