On Fri, May 03, 2024 at 02:11:30PM -0700, Linus Torvalds wrote:
> epoll is a mess, and does various invalid things in the name of performance.
> Let's try to rein it in a bit. Something like this, perhaps?
+/*
- The ffd.file pointer may be in the process of
- being torn down due to being closed, but we
- may not have finished eventpoll_release() yet.
- Technically, even with the atomic_long_inc_not_zero,
- the file may have been free'd and then gotten
- re-allocated to something else (since files are
- not RCU-delayed, they are SLAB_TYPESAFE_BY_RCU).
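Review bot: the closing lines of this comment say that even after atomic_long_inc_not_zero succeeds the file may have been free'd and re-allocated to something else, but the visible text stops without saying what the code does about that case. The comment should state how a recycled file is detected, or why polling it is harmless (for instance, whether the pointer is re-checked once the reference is held). The parenthetical "since files are not RCU-delayed, they are SLAB_TYPESAFE_BY_RCU" would also read more clearly as two statements: the memory stays type-stable under RCU, but the object itself can be reused immediately.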
Can we get to ep_item_poll(epi, ...) after eventpoll_release_file() got past __ep_remove()? Because if we can, we have a worse problem - epi freed under us.
If not, we couldn't possibly have reached ->release() yet, let alone freeing anything.