Am 07.05.24 um 12:40 schrieb Daniel Vetter:
On Tue, May 07, 2024 at 11:58:33AM +0200, Christian König wrote:
Am 06.05.24 um 08:52 schrieb Fedor Pchelkin:
On Fri, 03. May 14:08, Dmitry Antipov wrote:
On 5/3/24 11:18 AM, Christian König wrote:
Attached is a compile only tested patch, please ve
On Tue, May 07, 2024 at 11:58:33AM +0200, Christian König wrote:
> Am 06.05.24 um 08:52 schrieb Fedor Pchelkin:
> > On Fri, 03. May 14:08, Dmitry Antipov wrote:
> > > On 5/3/24 11:18 AM, Christian König wrote:
> > >
> > > > Attached is a compile only tested patch, please verify if it fixes your
>
Am 06.05.24 um 08:52 schrieb Fedor Pchelkin:
On Fri, 03. May 14:08, Dmitry Antipov wrote:
On 5/3/24 11:18 AM, Christian König wrote:
Attached is a compile only tested patch, please verify if it fixes your problem.
LGTM, and this is similar to get_file() in __pollwait() and fput() in
free_poll
On Fri, 03. May 14:08, Dmitry Antipov wrote:
> On 5/3/24 11:18 AM, Christian König wrote:
>
> > Attached is a compile only tested patch, please verify if it fixes your
> > problem.
>
> LGTM, and this is similar to get_file() in __pollwait() and fput() in
> free_poll_entry() used in implementatio
On 5/3/24 11:18 AM, Christian König wrote:
Attached is a compile only tested patch, please verify if it fixes your problem.
LGTM, and this is similar to get_file() in __pollwait() and fput() in
free_poll_entry() used in implementation of poll(). Please resubmit to
linux-fsdevel@ including the
Am 03.05.24 um 09:07 schrieb Dmitry Antipov:
On 4/24/24 2:28 PM, Christian König wrote:
I don't fully understand how that happens either, it could be that
there is some bug in the EPOLL_FD code. Maybe it's a race when the
EPOLL file descriptor is closed or something like that.
IIUC the race
On 4/24/24 2:28 PM, Christian König wrote:
I don't fully understand how that happens either, it could be that there is
some bug in the EPOLL_FD code. Maybe it's a race when the EPOLL file descriptor
is closed or something like that.
IIUC the race condition looks like the following:
Thread 0
Am 24.04.24 um 12:19 schrieb Dmitry Antipov:
On 4/24/24 10:09, Christian König wrote:
To repeat what I already said on the other thread: Calling
dma_buf_poll() while fput() is in progress is illegal in the first
place.
So there is nothing to fix in dma_buf_poll(), but rather to figure
out w
On 4/24/24 10:09, Christian König wrote:
To repeat what I already said on the other thread: Calling dma_buf_poll() while
fput() is in progress is illegal in the first place.
So there is nothing to fix in dma_buf_poll(), but rather to figure out who is
incorrectly calling fput().
Hm. OTOH it
Am 23.04.24 um 21:13 schrieb Dmitry Antipov:
Syzbot has found the race condition where 'fput()' is in progress
when 'dma_buf_poll()' makes an attempt to hold the 'struct file'
with zero 'f_count'. So use explicit 'atomic_long_inc_not_zero()'
to detect such a case and cancel an undergoing poll act
Syzbot has found the race condition where 'fput()' is in progress
when 'dma_buf_poll()' makes an attempt to hold the 'struct file'
with zero 'f_count'. So use explicit 'atomic_long_inc_not_zero()'
to detect such a case and cancel an undergoing poll activity with
EPOLLERR.
Reported-by: syzbot+5d4cb
11 matches
Mail list logo