diff options
| author | Jens Axboe | 2023-03-27 19:56:18 -0600 |
|---|---|---|
| committer | Greg Kroah-Hartman | 2023-04-06 12:10:51 +0200 |
| commit | 3eb2138d4693d81aa6e5514f439be255117cae63 (patch) | |
| tree | 0760e7457477b380650839948ec96bc0623d777c | |
| parent | e5da11825ef7c3f4760b235e04e225e7c8746279 (diff) | |
io_uring/poll: clear single/double poll flags on poll arming
commit 005308f7bdacf5685ed1a431244a183dbbb9e0e8 upstream.
Unless we have at least one entry queued, then don't call into
io_poll_remove_entries(). Normally this isn't possible, but if we
retry poll then we can have ->nr_entries cleared again as we're
setting it up. If this happens for a poll retry, then we'll still have
at least REQ_F_SINGLE_POLL set. io_poll_remove_entries() then thinks
it has entries to remove.
Clear REQ_F_SINGLE_POLL and REQ_F_DOUBLE_POLL unconditionally when
arming a poll request.
Fixes: c16bda37594f ("io_uring/poll: allow some retries for poll triggering spuriously")
Cc: stable@vger.kernel.org
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | io_uring/poll.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/io_uring/poll.c b/io_uring/poll.c index 56dbd1863c78..4788073ec45d 100644 --- a/io_uring/poll.c +++ b/io_uring/poll.c @@ -742,6 +742,7 @@ int io_arm_poll_handler(struct io_kiocb *req, unsigned issue_flags) apoll = io_req_alloc_apoll(req, issue_flags); if (!apoll) return IO_APOLL_ABORTED; + req->flags &= ~(REQ_F_SINGLE_POLL | REQ_F_DOUBLE_POLL); req->flags |= REQ_F_POLLED; ipt.pt._qproc = io_async_queue_proc; |