On 6/15/21 10:13 PM, Xie Yongji wrote: > Increase the recursion depth of eventfd_signal() to 1. This > is the maximum recursion depth we have found so far, which > can be triggered with the following call chain: > > kvm_io_bus_write [kvm] > --> ioeventfd_write [kvm] > --> eventfd_signal [eventfd] > --> vhost_poll_wakeup [vhost] > --> vduse_vdpa_kick_vq [vduse] > --> eventfd_signal [eventfd] > > Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx> > Acked-by: Jason Wang <jasowang@xxxxxxxxxx> The fix had been posted one year ago. https://lore.kernel.org/lkml/20200410114720.24838-1-zhe.he@xxxxxxxxxxxxx/ > --- > fs/eventfd.c | 2 +- > include/linux/eventfd.h | 5 ++++- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/fs/eventfd.c b/fs/eventfd.c > index e265b6dd4f34..cc7cd1dbedd3 100644 > --- a/fs/eventfd.c > +++ b/fs/eventfd.c > @@ -71,7 +71,7 @@ __u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n) > * it returns true, the eventfd_signal() call should be deferred to a > * safe context. > */ > - if (WARN_ON_ONCE(this_cpu_read(eventfd_wake_count))) > + if (WARN_ON_ONCE(this_cpu_read(eventfd_wake_count) > EFD_WAKE_DEPTH)) > return 0; > > spin_lock_irqsave(&ctx->wqh.lock, flags); > diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h > index fa0a524baed0..886d99cd38ef 100644 > --- a/include/linux/eventfd.h > +++ b/include/linux/eventfd.h > @@ -29,6 +29,9 @@ > #define EFD_SHARED_FCNTL_FLAGS (O_CLOEXEC | O_NONBLOCK) > #define EFD_FLAGS_SET (EFD_SHARED_FCNTL_FLAGS | EFD_SEMAPHORE) > > +/* Maximum recursion depth */ > +#define EFD_WAKE_DEPTH 1 > + > struct eventfd_ctx; > struct file; > > @@ -47,7 +50,7 @@ DECLARE_PER_CPU(int, eventfd_wake_count); > > static inline bool eventfd_signal_count(void) > { > - return this_cpu_read(eventfd_wake_count); > + return this_cpu_read(eventfd_wake_count) > EFD_WAKE_DEPTH; count is just count. How deep is acceptable should be put where eventfd_signal_count is called. Zhe > } > > #else /* CONFIG_EVENTFD */