Issuing a request for IO poll and doing actual IO polling might be done
from different syscalls, so userspace's iovec used during submission may
already be gone by the moment of reaping the request and doing reissue
with prep inside is not always safe.
Fail IO poll reissue with -EAGAIN for requests that would need to read
iovec from the userspace. The userspace have to check for it, so it's
fine.
Cc: <stable@xxxxxxxxxxxxxxx> # 5.9+
Reported-by: Abaci Robot <abaci@xxxxxxxxxxxxxxxxx>
Reported-by: Xiaoguang Wang <xiaoguang.wang@xxxxxxxxxxxxxxxxx>
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
---
fs/io_uring.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index bf9ad810c621..561c29b20463 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2610,8 +2610,11 @@ static void io_iopoll_complete(struct io_ring_ctx *ctx, unsigned int *nr_events,
list_del(&req->inflight_entry);
if (READ_ONCE(req->result) == -EAGAIN) {
+ bool reissue = req->async_data ||
+ !io_op_defs[req->opcode].needs_async_data;
+
req->iopoll_completed = 0;
- if (io_rw_reissue(req))
+ if (reissue && io_rw_reissue(req))
continue;
}
--
2.24.0
