This is a note to let you know that I've just added the patch titled
io_uring/poll: add hash if ready poll request can't complete inline
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
io_uring-poll-add-hash-if-ready-poll-request-can-t-complete-inline.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From febb985c06cb6f5fac63598c0bffd4fd823d110d Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@xxxxxxxxx>
Date: Mon, 9 Jan 2023 14:46:10 -0700
Subject: io_uring/poll: add hash if ready poll request can't complete inline
From: Jens Axboe <axboe@xxxxxxxxx>
commit febb985c06cb6f5fac63598c0bffd4fd823d110d upstream.
If we don't, then we may lose access to it completely, leading to a
request leak. This will eventually stall the ring exit process as
well.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 49f1c68e048f ("io_uring: optimise submission side poll_refs")
Reported-and-tested-by: syzbot+6c95df01470a47fc3af4@xxxxxxxxxxxxxxxxxxxxxxxxx
Link: https://lore.kernel.org/io-uring/0000000000009f829805f1ce87b2@xxxxxxxxxx/
Suggested-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
io_uring/poll.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -549,6 +549,14 @@ static bool io_poll_can_finish_inline(st
return pt->owning || io_poll_get_ownership(req);
}
+static void io_poll_add_hash(struct io_kiocb *req)
+{
+ if (req->flags & REQ_F_HASH_LOCKED)
+ io_poll_req_insert_locked(req);
+ else
+ io_poll_req_insert(req);
+}
+
/*
* Returns 0 when it's handed over for polling. The caller owns the requests if
* it returns non-zero, but otherwise should not touch it. Negative values
@@ -607,18 +615,17 @@ static int __io_arm_poll_handler(struct
if (mask &&
((poll->events & (EPOLLET|EPOLLONESHOT)) == (EPOLLET|EPOLLONESHOT))) {
- if (!io_poll_can_finish_inline(req, ipt))
+ if (!io_poll_can_finish_inline(req, ipt)) {
+ io_poll_add_hash(req);
return 0;
+ }
io_poll_remove_entries(req);
ipt->result_mask = mask;
/* no one else has access to the req, forget about the ref */
return 1;
}
- if (req->flags & REQ_F_HASH_LOCKED)
- io_poll_req_insert_locked(req);
- else
- io_poll_req_insert(req);
+ io_poll_add_hash(req);
if (mask && (poll->events & EPOLLET) &&
io_poll_can_finish_inline(req, ipt)) {
Patches currently in stable-queue which might be from axboe@xxxxxxxxx are
queue-6.1/io_uring-poll-add-hash-if-ready-poll-request-can-t-complete-inline.patch
