[PATCH vfs.fixes] eventpoll: Prevent hang in epoll_wait

Joe Damato posted 1 patch 9 months, 2 weeks ago
fs/eventpoll.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[PATCH vfs.fixes] eventpoll: Prevent hang in epoll_wait
Posted by Joe Damato 9 months, 2 weeks ago
In commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the
future"), a bug was introduced causing the loop in ep_poll to hang under
certain circumstances.

When the timeout is non-NULL and ep_schedule_timeout returns false, the
flag timed_out was not set to true. This causes a hang.

Adjust the logic and set timed_out, if needed, fixing the original code.

Reported-by: Christian Brauner <brauner@kernel.org>
Closes: https://lore.kernel.org/linux-fsdevel/20250426-haben-redeverbot-0b58878ac722@brauner/
Reported-by: Mike Pagano <mpagano@gentoo.org>
Closes: https://bugs.gentoo.org/954806
Reported-by: Carlos Llamas <cmllamas@google.com>
Closes: https://lore.kernel.org/linux-fsdevel/aBAB_4gQ6O_haAjp@google.com/
Fixes: 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future")
Tested-by: Carlos Llamas <cmllamas@google.com>
Signed-off-by: Joe Damato <jdamato@fastly.com>
---
 fs/eventpoll.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 4bc264b854c4..1a5d1147f082 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -2111,7 +2111,9 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events,
 
 		write_unlock_irq(&ep->lock);
 
-		if (!eavail && ep_schedule_timeout(to))
+		if (!ep_schedule_timeout(to))
+			timed_out = 1;
+		else if (!eavail)
 			timed_out = !schedule_hrtimeout_range(to, slack,
 							      HRTIMER_MODE_ABS);
 		__set_current_state(TASK_RUNNING);
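Review bot: the new `if (!ep_schedule_timeout(to))` branch sets `timed_out = 1` without looking at `eavail`, whereas the removed line tested `!eavail` first. An expired timeout therefore marks the wait as timed out even when events are already available, and `ep_schedule_timeout(to)` is now evaluated on every pass regardless of `eavail`. Keeping the `!eavail` test outermost, for example `if (!eavail) timed_out = !ep_schedule_timeout(to) || !schedule_hrtimeout_range(to, slack, HRTIMER_MODE_ABS);`, would still set `timed_out` when no sleep is scheduled and keep the earlier ordering. The first reply in this thread raises the same concern.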

base-commit: f520bed25d17bb31c2d2d72b0a785b593a4e3179
-- 
2.43.0
Re: [PATCH vfs.fixes] eventpoll: Prevent hang in epoll_wait
Posted by Max Kellermann 9 months, 2 weeks ago
On Tue, Apr 29, 2025 at 9:22 PM Joe Damato <jdamato@fastly.com> wrote:
> In commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the
> future"), a bug was introduced causing the loop in ep_poll to hang under
> certain circumstances.
>
> When the timeout is non-NULL and ep_schedule_timeout returns false, the
> flag timed_out was not set to true. This causes a hang.
>
> Adjust the logic and set timed_out, if needed, fixing the original code.

Hi Joe,

we have been working on the fix at the same time, this is my fix:

 https://lore.kernel.org/linux-fsdevel/20250429185827.3564438-1-max.kellermann@ionos.com/T/#u

I think mine is better because it checks "eavail" before setting
"timed_out", preserving the old behavior (before commit 0a65bc27bd64).
Your version may set "timed_out" and thus does an unnecessary
list_empty() call in the following block. (And maybe it can reset
"eavail" to false?)

Max
Re: [PATCH vfs.fixes] eventpoll: Prevent hang in epoll_wait
Posted by Joe Damato 9 months, 2 weeks ago
On Tue, Apr 29, 2025 at 09:28:50PM +0200, Max Kellermann wrote:
> On Tue, Apr 29, 2025 at 9:22 PM Joe Damato <jdamato@fastly.com> wrote:
> > In commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the
> > future"), a bug was introduced causing the loop in ep_poll to hang under
> > certain circumstances.
> >
> > When the timeout is non-NULL and ep_schedule_timeout returns false, the
> > flag timed_out was not set to true. This causes a hang.
> >
> > Adjust the logic and set timed_out, if needed, fixing the original code.
> 
> Hi Joe,
> 
> we have been working on the fix at the same time, this is my fix:
> 
>  https://lore.kernel.org/linux-fsdevel/20250429185827.3564438-1-max.kellermann@ionos.com/T/#u
> 
> I think mine is better because it checks "eavail" before setting
> "timed_out", preserving the old behavior (before commit 0a65bc27bd64).
> Your version may set "timed_out" and thus does an unnecessary
> list_empty() call in the following block. (And maybe it can reset
> "eavail" to false?)

I think it's up to the maintainers to decide which patch is
preferred; I don't really have a preference.
Re: [PATCH vfs.fixes] eventpoll: Prevent hang in epoll_wait
Posted by Jan Kara 9 months, 2 weeks ago
On Tue 29-04-25 15:34:19, Joe Damato wrote:
> In commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the
> future"), a bug was introduced causing the loop in ep_poll to hang under
> certain circumstances.
> 
> When the timeout is non-NULL and ep_schedule_timeout returns false, the
> flag timed_out was not set to true. This causes a hang.
> 
> Adjust the logic and set timed_out, if needed, fixing the original code.
> 
> Reported-by: Christian Brauner <brauner@kernel.org>
> Closes: https://lore.kernel.org/linux-fsdevel/20250426-haben-redeverbot-0b58878ac722@brauner/
> Reported-by: Mike Pagano <mpagano@gentoo.org>
> Closes: https://bugs.gentoo.org/954806
> Reported-by: Carlos Llamas <cmllamas@google.com>
> Closes: https://lore.kernel.org/linux-fsdevel/aBAB_4gQ6O_haAjp@google.com/
> Fixes: 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future")
> Tested-by: Carlos Llamas <cmllamas@google.com>
> Signed-off-by: Joe Damato <jdamato@fastly.com>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/eventpoll.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/eventpoll.c b/fs/eventpoll.c
> index 4bc264b854c4..1a5d1147f082 100644
> --- a/fs/eventpoll.c
> +++ b/fs/eventpoll.c
> @@ -2111,7 +2111,9 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events,
>  
>  		write_unlock_irq(&ep->lock);
>  
> -		if (!eavail && ep_schedule_timeout(to))
> +		if (!ep_schedule_timeout(to))
> +			timed_out = 1;
> +		else if (!eavail)
>  			timed_out = !schedule_hrtimeout_range(to, slack,
>  							      HRTIMER_MODE_ABS);
>  		__set_current_state(TASK_RUNNING);
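Review bot: the `timed_out = 1` branch carries no comment explaining why a false return from `ep_schedule_timeout(to)` has to end the wait. The commit message says the hang came from exactly this case being left unhandled, so a one-line comment above `if (!ep_schedule_timeout(to))` stating that no sleep will be scheduled and the loop must therefore exit would help keep a later cleanup from merging the two conditions again.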
> 
> base-commit: f520bed25d17bb31c2d2d72b0a785b593a4e3179
> -- 
> 2.43.0
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR