The following changes since commit 0fcfb00b28c0b7884635dacf38e46d60bf3d4eb1: Linux 5.16-rc4 (2021-12-05 14:08:22 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git tags/aio-poll-for-linus for you to fetch changes up to 4b3749865374899e115aa8c48681709b086fe6d3: aio: Fix incorrect usage of eventfd_signal_allowed() (2021-12-09 10:52:55 -0800) ---------------------------------------------------------------- Fix three bugs in aio poll, and one issue with POLLFREE more broadly: - aio poll didn't handle POLLFREE, causing a use-after-free. - aio poll could block while the file is ready. - aio poll called eventfd_signal() when it isn't allowed. - POLLFREE didn't handle multiple exclusive waiters correctly. This has been tested with the libaio test suite, as well as with test programs I wrote that reproduce the first two bugs. I am sending this pull request myself as no one seems to be maintaining this code. ---------------------------------------------------------------- Eric Biggers (5): wait: add wake_up_pollfree() binder: use wake_up_pollfree() signalfd: use wake_up_pollfree() aio: keep poll requests on waitqueue until completed aio: fix use-after-free due to missing POLLFREE handling Xie Yongji (1): aio: Fix incorrect usage of eventfd_signal_allowed() drivers/android/binder.c | 21 ++--- fs/aio.c | 186 ++++++++++++++++++++++++++++++++-------- fs/signalfd.c | 12 +-- include/linux/wait.h | 26 ++++++ include/uapi/asm-generic/poll.h | 2 +- kernel/sched/wait.c | 7 ++ 6 files changed, 196 insertions(+), 58 deletions(-)
