Before the removal of epmutex, the acquisition of epmutex in
eventpoll_release_file() will prevent the freeing of file, so
it's OK to iterate files in tfile_check_list.
And now epmutex is removed, so when releasing file, we need
to remove file from tfile_check_list to ensure the validity
of file.
Signed-off-by: Hou Tao <hout...@huawei.com>
---
fs/eventpoll.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 44ea587..998c635 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1029,6 +1029,18 @@ void eventpoll_release_file(struct file *file)
ep_remove(ep, epi);
mutex_unlock(&ep->mtx);
}
+
+ /*
+ * The file can not been added to tfile_check_list again, because
+ * (1) its refcnt has been zero, so ep_ctrl() can no longer get its
reference
+ * (2) its related ep items have been removed, so ep_loop_check_proc()
+ * can not get the file by ep->rbr
+ */
+ if (!list_empty_careful(&file->f_tfile_llink)) {
+ mutex_lock(&epmutex);
+ list_del_init(&file->f_tfile_llink);
+ mutex_unlock(&epmutex);
+ }
}
static int ep_alloc(struct eventpoll **pep)
--
2.7.5
