Merge tag 'mac80211-next-for-davem-2016-04-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next into master

To synchronize with Kalle, here's just a big change that affects all drivers - removing the duplicated enum ieee80211_band and replacing it by enum nl80211_band. On top of that, just a small documentation update.
author: Luca Coelho <luciano.coelho@intel.com> 2016-05-10 10:30:56 +0300
committer: Luca Coelho <luciano.coelho@intel.com> 2016-05-10 10:30:56 +0300
commit: bae6692c24236d0203f88a444986d86437a858fa (patch)
tree: 0f9bee1250af3046fa46049736b615b81e60f56e /fs/eventfd.c
parent: 46167a8fd4248533ad15867e6988ff20e76de641 (diff)
parent: 57fbcce37be7c1d2622b56587c10ade00e96afa3 (diff)
1 files changed, 40 insertions, 2 deletions
diff --git a/fs/eventfd.c b/fs/eventfd.c
index ed70cf9fdc7b..1231cd1999d8 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -121,8 +121,46 @@ static unsigned int eventfd_poll(struct file *file, poll_table *wait)
 	u64 count;
 
 	poll_wait(file, &ctx->wqh, wait);
-	smp_rmb();
-	count = ctx->count;
+
+	/*
+	 * All writes to ctx->count occur within ctx->wqh.lock.  This read
+	 * can be done outside ctx->wqh.lock because we know that poll_wait
+	 * takes that lock (through add_wait_queue) if our caller will sleep.
+	 *
+	 * The read _can_ therefore seep into add_wait_queue's critical
+	 * section, but cannot move above it!  add_wait_queue's spin_lock acts
+	 * as an acquire barrier and ensures that the read be ordered properly
+	 * against the writes.  The following CAN happen and is safe:
+	 *
+	 *     poll                               write
+	 *     -----------------                  ------------
+	 *     lock ctx->wqh.lock (in poll_wait)
+	 *     count = ctx->count
+	 *     __add_wait_queue
+	 *     unlock ctx->wqh.lock
+	 *                                        lock ctx->qwh.lock
+	 *                                        ctx->count += n
+	 *                                        if (waitqueue_active)
+	 *                                          wake_up_locked_poll
+	 *                                        unlock ctx->qwh.lock
+	 *     eventfd_poll returns 0
+	 *
+	 * but the following, which would miss a wakeup, cannot happen:
+	 *
+	 *     poll                               write
+	 *     -----------------                  ------------
+	 *     count = ctx->count (INVALID!)
+	 *                                        lock ctx->qwh.lock
+	 *                                        ctx->count += n
+	 *                                        **waitqueue_active is false**
+	 *                                        **no wake_up_locked_poll!**
+	 *                                        unlock ctx->qwh.lock
+	 *     lock ctx->wqh.lock (in poll_wait)
+	 *     __add_wait_queue
+	 *     unlock ctx->wqh.lock
+	 *     eventfd_poll returns 0
+	 */
+	count = READ_ONCE(ctx->count);
 
 	if (count > 0)
 		events |= POLLIN;
author	Luca Coelho <luciano.coelho@intel.com>	2016-05-10 10:30:56 +0300
committer	Luca Coelho <luciano.coelho@intel.com>	2016-05-10 10:30:56 +0300
commit	bae6692c24236d0203f88a444986d86437a858fa (patch)
tree	0f9bee1250af3046fa46049736b615b81e60f56e /fs/eventfd.c
parent	46167a8fd4248533ad15867e6988ff20e76de641 (diff)
parent	57fbcce37be7c1d2622b56587c10ade00e96afa3 (diff)