The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
Possible dependencies:
7fdbc5f014c3 ("io_uring: disallow self-propelled ring polling") 2ba69707d915 ("io_uring: clean up io_poll_check_events return values") d245bca6375b ("io_uring: don't expose io_fill_cqe_aux()") f3b44f92e59a ("io_uring: move read/write related opcodes to its own file") c98817e6cd44 ("io_uring: move remaining file table manipulation to filetable.c") 735729844819 ("io_uring: move rsrc related data, core, and commands") 3b77495a9723 ("io_uring: split provided buffers handling into its own file") 7aaff708a768 ("io_uring: move cancelation into its own file") 329061d3e2f9 ("io_uring: move poll handling into its own file") cfd22e6b3319 ("io_uring: add opcode name to io_op_defs") 92ac8beaea1f ("io_uring: include and forward-declaration sanitation") c9f06aa7de15 ("io_uring: move io_uring_task (tctx) helpers into its own file") a4ad4f748ea9 ("io_uring: move fdinfo helpers to its own file") e5550a1447bf ("io_uring: use io_is_uring_fops() consistently") 17437f311490 ("io_uring: move SQPOLL related handling into its own file") 59915143e89f ("io_uring: move timeout opcodes and handling into its own file") e418bbc97bff ("io_uring: move our reference counting into a header") 36404b09aa60 ("io_uring: move msg_ring into its own file") f9ead18c1058 ("io_uring: split network related opcodes into its own file") e0da14def1ee ("io_uring: move statx handling to its own file")
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 7fdbc5f014c3f71bc44673a2d6c5bb2d12d45f25 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov asml.silence@gmail.com Date: Fri, 18 Nov 2022 15:41:41 +0000 Subject: [PATCH] io_uring: disallow self-propelled ring polling
When we post a CQE we wake all ring pollers as it normally should be. However, if a CQE was generated by a multishot poll request targeting its own ring, it'll wake that request up, which will make it to post a new CQE, which will wake the request and so on until it exhausts all CQ entries.
Don't allow multishot polling io_uring files but downgrade them to oneshots, which was always stated as a correct behaviour that the userspace should check for.
Cc: stable@vger.kernel.org Fixes: aa43477b04025 ("io_uring: poll rework") Signed-off-by: Pavel Begunkov asml.silence@gmail.com Link: https://lore.kernel.org/r/3124038c0e7474d427538c2d915335ec28c92d21.166878572... Signed-off-by: Jens Axboe axboe@kernel.dk
diff --git a/io_uring/poll.c b/io_uring/poll.c index c34019b18211..055632e9092a 100644 --- a/io_uring/poll.c +++ b/io_uring/poll.c @@ -246,6 +246,8 @@ static int io_poll_check_events(struct io_kiocb *req, bool *locked) continue; if (req->apoll_events & EPOLLONESHOT) return IOU_POLL_DONE; + if (io_is_uring_fops(req->file)) + return IOU_POLL_DONE;
/* multishot, just fill a CQE and proceed */ if (!(req->flags & REQ_F_APOLL_MULTISHOT)) {