Michael S. Tsirkin wrote:
> On Thu, Jun 11, 2009 at 04:16:47PM +0300, Michael S. Tsirkin wrote:
>
>>> +
>>> + ret = file->f_op->poll(file, &irqfd->pt);
>>> + if (ret < 0)
>>> + goto fail;
>>>
>
> Looking at it some more, we have:
> struct file_operations {
> ....
> unsigned int (*poll) (struct file *, struct poll_table_struct *);
>
> So the comparison above does not seem to make sense:
> it seems that the return value from poll can not be negative.
>
Indeed. Will fix.
> Will the callback be executed if someone did a write to eventfd
> before we attached it? If no, maybe we should call it here
> if ret != 0.
>
I do the cleanup in case the callback has been called, but poll() fails
somewhere internally afterwards. Perhaps this is not a realistic
scenario, but it was my motivation for adding the wqh cleanup.
>
>
>>> +
>>> + irqfd->file = file;
>>> +
>>> + mutex_lock(&kvm->lock);
>>> + list_add_tail(&irqfd->list, &kvm->irqfds);
>>> + mutex_unlock(&kvm->lock);
>>> +
>>> + return 0;
>>> +
>>> +fail:
>>> + if (irqfd->wqh)
>>> + remove_wait_queue(irqfd->wqh, &irqfd->wait);
>>>
>> Why are these 2 lines here? Either we might get a callback even though
>> poll failed - and then this test without lock is probably racy -
>> or we can't, and then we can replace the above with BUG_ON(irqfd->wqh).
>>
>> Which is it? I think the later ...
>>
>>
>>
>>> +
>>> + if (file && !IS_ERR(file))
>>> + fput(file);
>>> +
>>> + kfree(irqfd);
>>> + return ret;
>>> +}
>>> +
>>>
Attachment:
signature.asc
Description: OpenPGP digital signature
