This is a note to let you know that I've just added the patch titled
io_uring/poll: don't reissue in case of poll race on multishot request
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
io_uring-poll-don-t-reissue-in-case-of-poll-race-on-multishot-request.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 8caa03f10bf92cb8657408a6ece6a8a73f96ce13 Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@xxxxxxxxx>
Date: Fri, 20 Jan 2023 15:08:21 -0700
Subject: io_uring/poll: don't reissue in case of poll race on multishot request
From: Jens Axboe <axboe@xxxxxxxxx>
commit 8caa03f10bf92cb8657408a6ece6a8a73f96ce13 upstream.
A previous commit fixed a poll race that can occur, but it's only
applicable for multishot requests. For a multishot request, we can safely
ignore a spurious wakeup, as we never leave the waitqueue to begin with.
A blunt reissue of a multishot armed request can cause us to leak a
buffer, if they are ring provided. While this seems like a bug in itself,
it's not really defined behavior to reissue a multishot request directly.
It's less efficient to do so as well, and not required to rearm anything
like it is for singleshot poll requests.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 6e5aedb9324a ("io_uring/poll: attempt request issue after racy poll wakeup")
Reported-and-tested-by: Olivier Langlois <olivier@xxxxxxxxxxxxxx>
Link: https://github.com/axboe/liburing/issues/778
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
io_uring/poll.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -281,8 +281,12 @@ static int io_poll_check_events(struct i
* to the waitqueue, so if we get nothing back, we
* should be safe and attempt a reissue.
*/
- if (unlikely(!req->cqe.res))
+ if (unlikely(!req->cqe.res)) {
+ /* Multishot armed need not reissue */
+ if (!(req->apoll_events & EPOLLONESHOT))
+ continue;
return IOU_POLL_REISSUE;
+ }
}
if (req->apoll_events & EPOLLONESHOT)
return IOU_POLL_DONE;
Patches currently in stable-queue which might be from axboe@xxxxxxxxx are
queue-6.1/io_uring-poll-don-t-reissue-in-case-of-poll-race-on-multishot-request.patch
queue-6.1/pktcdvd-check-for-null-returna-fter-calling-bio_split_to_limits.patch
