This series fixes two bugs in aio poll, and one issue with POLLFREE more broadly. This is intended to replace "[PATCH v5] aio: Add support for the POLLFREE" (https://lore.kernel.org/r/20211027011834.2497484-1-ramjiyani@xxxxxxxxxx) which has some bugs. Careful review is appreciated; the aio poll code is very hard to work with, and I don't know of an easy way to test it. Suggestions of any aio poll tests to run would be greatly appreciated. Note, it looks like io_uring has the same bugs as aio poll. I haven't tried to fix io_uring. This series applies to v5.16-rc4. Changed v1 => v2: - Added wake_up_pollfree(). - Various fixes to the aio poll fixes. - Improved some comments in aio poll. Eric Biggers (5): wait: add wake_up_pollfree() binder: use wake_up_pollfree() signalfd: use wake_up_pollfree() aio: keep poll requests on waitqueue until completed aio: fix use-after-free due to missing POLLFREE handling drivers/android/binder.c | 21 ++-- fs/aio.c | 184 ++++++++++++++++++++++++++------ fs/signalfd.c | 12 +-- include/linux/wait.h | 26 +++++ include/uapi/asm-generic/poll.h | 2 +- kernel/sched/wait.c | 7 ++ 6 files changed, 195 insertions(+), 57 deletions(-) -- 2.34.1
