aio poll fixes for 5.16-rc5

Fix three bugs in aio poll, and one issue with POLLFREE more broadly:

  - aio poll didn't handle POLLFREE, causing a use-after-free.
  - aio poll could block while the file is ready.
  - aio poll called eventfd_signal() when it isn't allowed.
  - POLLFREE didn't handle multiple exclusive waiters correctly.

This has been tested with the libaio test suite, as well as with test
programs I wrote that reproduce the first two bugs.  I am sending this
pull request myself as no one seems to be maintaining this code.

aio: Fix incorrect usage of eventfd_signal_allowed()

We should defer eventfd_signal() to the workqueue when
eventfd_signal_allowed() returns false rather than when it returns
true.

Fixes: b542e383d8c0 ("eventfd: Make signal recursion protection a task bit")
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: https://lore.kernel.org/r/20210913111928.98-1-xieyongji@bytedance.com
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
1 file changed