[ upstream commit d63b0e8a628e62ca85a0f7915230186bb92f8bb4 ]
We do io_kbuf_recycle() when arming a poll but every iteration of a
multishot can grab more buffers, which is why we need to flush the kbuf
ring state before continuing with waiting.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: b3fdea6ecb55c ("io_uring: multishot recv")
Reported-by: Muhammad Ramdhan <ramdhan@xxxxxxxxxxx>
Reported-by: Bing-Jhong Billy Jheng <billy@xxxxxxxxxxx>
Reported-by: Jacob Soo <jacob.soo@xxxxxxxxxxx>
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
Link: https://lore.kernel.org/r/1bfc9990fe435f1fc6152ca9efeba5eb3e68339c.1738025570.git.asml.silence@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
---
io_uring/poll.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/io_uring/poll.c b/io_uring/poll.c
index 5cf4fffe8b6c..2824a3560245 100644
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -350,8 +350,10 @@ void io_poll_task_func(struct io_kiocb *req, struct io_tw_state *ts)
ret = io_poll_check_events(req, ts);
if (ret == IOU_POLL_NO_ACTION) {
+ io_kbuf_recycle(req, 0);
return;
} else if (ret == IOU_POLL_REQUEUE) {
+ io_kbuf_recycle(req, 0);
__io_poll_execute(req, 0);
return;
}
--
2.47.1
