mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-30 22:26:55 +00:00
Code Issues Releases Wiki Activity
linux-stable/io_uring
History
Pavel Begunkov 30a33669fa io_uring/poll: fix double poll req->flags races 
io_poll_double_prepare()            | io_poll_wake()
                                    | poll->head = NULL
smp_load(&poll->head); /* NULL */   |
flags = req->flags;                 |
                                    | req->flags &= ~SINGLE_POLL;
req->flags = flags | DOUBLE_POLL    |

The idea behind io_poll_double_prepare() is to serialise with the
first poll entry by taking the wq lock. However, it's not safe to assume
that io_poll_wake() is not running when we can't grab the lock and so we
may race modifying req->flags.

Skip double poll setup if that happens. It's ok because the first poll
entry will only be removed when it's definitely completing, e.g.
pollfree or oneshot with a valid mask.

Fixes: 49f1c68e04 ("io_uring: optimise submission side poll_refs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7fab2d502f6121a7d7b199fe4d914a43ca9cdfd.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-11-11 09:59:27 -07:00
..
advise.c
advise.h
alloc_cache.h
cancel.c
cancel.h
epoll.c
epoll.h
fdinfo.c io_uring: fix fdinfo sqe offsets calculation 2022-10-12 16:30:56 -06:00
fdinfo.h
filetable.c
filetable.h io_uring: kill hot path fixed file bitmap debug checks 2022-10-16 17:07:53 -06:00
fs.c
fs.h
io-wq.c io-wq: Fix memory leak in worker creation 2022-10-20 05:48:59 -07:00
io-wq.h
io_uring.c io_uring: calculate CQEs from the user visible value 2022-11-08 10:36:15 -07:00
io_uring.h io_uring: unlock if __io_run_local_work locked inside 2022-10-27 09:52:12 -06:00
kbuf.c io_uring: check for rollover of buffer ID when providing buffers 2022-11-10 11:07:41 -07:00
kbuf.h
Makefile
msg_ring.c io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() 2022-10-19 12:33:33 -07:00
msg_ring.h
net.c io_uring/net: fail zc sendmsg when unsupported by socket 2022-10-22 08:43:03 -06:00
net.h
nop.c
nop.h
notif.c
notif.h
opdef.c io_uring/opdef: remove 'audit_skip' from SENDMSG_ZC 2022-10-12 16:30:56 -06:00
opdef.h
openclose.c
openclose.h
poll.c io_uring/poll: fix double poll req->flags races 2022-11-11 09:59:27 -07:00
poll.h
refs.h
rsrc.c io_uring: remove FFS_SCM 2022-10-16 17:07:12 -06:00
rsrc.h io_uring: remove FFS_SCM 2022-10-16 17:07:12 -06:00
rw.c io_uring/rw: remove leftover debug statement 2022-10-16 17:24:10 -06:00
rw.h
slist.h
splice.c
splice.h
sqpoll.c
sqpoll.h
statx.c
statx.h
sync.c
sync.h
tctx.c io_uring: remove io_register_submitter 2022-10-07 12:25:30 -06:00
tctx.h io_uring: simplify __io_uring_add_tctx_node 2022-10-07 12:25:30 -06:00
timeout.c
timeout.h
uring_cmd.c io_uring: introduce fixed buffer support for io_uring_cmd 2022-09-30 07:50:59 -06:00
uring_cmd.h
xattr.c
xattr.h