This series fixes two bugs in aio poll, and one issue with POLLFREE more broadly. This is intended to replace "[PATCH v5] aio: Add support for the POLLFREE" (https://lore.kernel.org/r/20211027011834.2497484-1-ramjiyani@xxxxxxxxxx) which has some bugs. Careful review is appreciated; the aio poll code is very hard to work with, and it doesn't appear to have many tests. I've verified that it passes the libaio test suite, which provides some coverage of poll. Note, it looks like io_uring has the same bugs as aio poll. I haven't tried to fix io_uring. This series applies to v5.16-rc4. Changed v2 => v3: - Fixed a few commit messages and comments. - Mention that libaio test suite still passes. Changed v1 => v2: - Added wake_up_pollfree(). - Various fixes to the aio poll fixes. - Improved some comments in aio poll. Eric Biggers (5): wait: add wake_up_pollfree() binder: use wake_up_pollfree() signalfd: use wake_up_pollfree() aio: keep poll requests on waitqueue until completed aio: fix use-after-free due to missing POLLFREE handling drivers/android/binder.c | 21 ++-- fs/aio.c | 184 ++++++++++++++++++++++++++------ fs/signalfd.c | 12 +-- include/linux/wait.h | 26 +++++ include/uapi/asm-generic/poll.h | 2 +- kernel/sched/wait.c | 7 ++ 6 files changed, 195 insertions(+), 57 deletions(-) -- 2.34.1
