On Sat, 26 Mar 2022, Kuniyuki Iwashima wrote:
> syzbot had reported another race around ep->rdllist. ep_poll() calls
> list_empty_careful() locklessly to check if the list is empty or not
> by testing rdllist->prev == rdllist->next.
>
> When the list does not have any nodes, the next and prev arguments of
> __list_add() are the same head pointer. Thus the write to head->prev
> there is racy with lockless list_empty_careful() and needs WRITE_ONCE()
> to avoid store-tearing.
>
> Note that the reader side is already fixed in the patch [0].
>
> [0]: https://lore.kernel.org/mm-commits/20220326031647.DD24EC004DD@xxxxxxxxxxxxxxx/
>
> BUG: KCSAN: data-race in do_epoll_ctl / do_epoll_wait

I think this needs to be part of the same
list-fix-a-data-race-around-ep-rdllist.patch

Thanks,
Davidlohr
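
The aliasing described in the quoted message, as an added userspace model (not the kernel's code and not part of this thread): on an empty list both stores of the insert land in the head's own fields, which are the ones the lockless reader compares. The `_model` names, `list_add_between()` and its extra `head` parameter are hypothetical, and the macros are volatile-cast stand-ins for the kernel's.

```c
#include <stdio.h>

/* Userspace stand-ins (assumption): a volatile access is emitted as a single
 * access, which for an aligned pointer-sized field means no store-tearing. */
#define READ_ONCE(x)       (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, val) (*(volatile __typeof__(x) *)&(x) = (val))

struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h)
{
    WRITE_ONCE(h->next, h);
    WRITE_ONCE(h->prev, h);
}

/* Lockless emptiness test as the message describes it: prev == next == head. */
static int list_empty_careful_model(const struct list_head *head)
{
    const struct list_head *next = READ_ONCE(head->next);
    return next == head && next == READ_ONCE(head->prev);
}

/* Link node between prev and next. Returns how many of the two marked
 * stores hit the fields of 'head' that the lockless reader compares. */
static int list_add_between(struct list_head *node, struct list_head *prev,
                            struct list_head *next, struct list_head *head)
{
    WRITE_ONCE(next->prev, node);  /* the store the message says needs WRITE_ONCE() */
    node->next = next;
    node->prev = prev;
    WRITE_ONCE(prev->next, node);
    return (next == head) + (prev == head);
}

/* Add at the front of the list, i.e. between head and head->next. */
static int list_add_model(struct list_head *node, struct list_head *head)
{
    return list_add_between(node, head, head->next, head);
}

int main(void)
{
    struct list_head h, a, b;
    init_list_head(&h);
    printf("empty=%d\n", list_empty_careful_model(&h));
    printf("stores into head, empty list: %d\n", list_add_model(&a, &h));
    printf("stores into head, one node:   %d\n", list_add_model(&b, &h));
    return 0;
}
```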