Re: [PATCH] [RFC] dma-buf: fix race condition between poll and close

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/24/24 10:09, Christian König wrote:

To repeat what I already said on the other thread: Calling dma_buf_poll() while fput() is in progress is illegal in the first place.

So there is nothing to fix in dma_buf_poll(), but rather to figure out who is incorrectly calling fput().

Hm. OTOH it's legal if userspace app calls close([fd]) in one thread when another
thread sleeps in (e)poll({..., [fd], ...}) (IIUC this is close to what the syzbot
reproducer actually does). What behavior should be considered as valid in this
(yes, really weird) scenario?

Dmitry





[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux