[ upstream commit d63b0e8a628e62ca85a0f7915230186bb92f8bb4 ]
We do io_kbuf_recycle() when arming a poll but every iteration of a
multishot can grab more buffers, which is why we need to flush the kbuf
ring state before continuing with waiting.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: b3fdea6ecb55c ("io_uring: multishot recv")
Reported-by: Muhammad Ramdhan <ramdhan@xxxxxxxxxxx>
Reported-by: Bing-Jhong Billy Jheng <billy@xxxxxxxxxxx>
Reported-by: Jacob Soo <jacob.soo@xxxxxxxxxxx>
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
Link: https://lore.kernel.org/r/1bfc9990fe435f1fc6152ca9efeba5eb3e68339c.1738025570.git.asml.silence@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
---
io_uring/poll.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/io_uring/poll.c b/io_uring/poll.c
index a4084acaff91..ab27a627fd4c 100644
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -305,6 +305,8 @@ static int io_poll_check_events(struct io_kiocb *req, bool *locked)
}
} else {
int ret = io_poll_issue(req, locked);
+ io_kbuf_recycle(req, 0);
+
if (ret == IOU_STOP_MULTISHOT)
return IOU_POLL_REMOVE_POLL_USE_RES;
if (ret < 0)
--
2.48.1
