| author | Pavel Begunkov <asml.silence@gmail.com> | 2022-11-11 16:51:29 +0000 | 
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2022-11-11 09:59:27 -0700 | 
| commit | 30a33669fa21cd3dc7d92a00ba736358059014b7 (patch) | |
| tree | 6cd63d9678ff7392667e8d2fa3df741dc7cecebf /scripts/basic/fixdep.c | |
| parent | 3851d25c75ed03117268a8feb34adca5a843a126 (diff) | |
io_uring/poll: fix double poll req->flags races

```
io_poll_double_prepare()            | io_poll_wake()
                                    | poll->head = NULL
smp_load(&poll->head); /* NULL */   |
flags = req->flags;                 |
                                    | req->flags &= ~SINGLE_POLL;
req->flags = flags | DOUBLE_POLL    |
```

The idea behind io_poll_double_prepare() is to serialise with the
first poll entry by taking the wq lock. However, it's not safe to assume
that io_poll_wake() is not running when we can't grab the lock and so we
may race modifying req->flags.

Skip double poll setup if that happens. It's ok because the first poll
entry will only be removed when it's definitely completing, e.g.
pollfree or oneshot with a valid mask.

Fixes: 49f1c68e048f1 ("io_uring: optimise submission side poll_refs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7fab2d502f6121a7d7b199fe4d914a43ca9cdfd.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'scripts/basic/fixdep.c')
0 files changed, 0 insertions, 0 deletions
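The interleaving in the commit message's diagram, replayed deterministically in single-threaded userspace C. This is an added example, not code from the commit or the kernel tree: it models the lost update on `req->flags` and the "skip double poll setup" behaviour the message describes. The struct names, the `mid` hook and the flag bit values are constructed; only `SINGLE_POLL`, `DOUBLE_POLL` and `poll->head` come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed bit values; only the flag names come from the commit message. */
#define SINGLE_POLL 0x1u
#define DOUBLE_POLL 0x2u

struct wq_head { int locked; };              /* stand-in for the wq lock */
struct request { unsigned flags; struct wq_head *head; };

/* Waker side of the diagram, split into its two steps. */
static void wake_detach(struct request *req) { req->head = NULL; }
static void wake_clear(struct request *req)  { req->flags &= ~SINGLE_POLL; }

/* Model of the racy shape: a NULL head is assumed to mean the waker is done,
 * so flags get an unlocked read-modify-write. `mid` is a hypothetical hook
 * that runs the waker's second step inside that window. */
static int prepare_racy(struct request *req, void (*mid)(struct request *))
{
    struct wq_head *head = req->head;        /* smp_load(&poll->head) */
    unsigned flags = req->flags;             /* snapshot, about to go stale */
    if (head) head->locked = 1;
    if (!head && mid) mid(req);              /* waker still running, unlocked */
    req->flags = flags | DOUBLE_POLL;        /* overwrites the waker's clear */
    if (head) head->locked = 0;
    return 1;
}

/* Model of the fix: no head means no lock to serialise on, so leave flags
 * alone and report that double poll was not set up. */
static int prepare_fixed(struct request *req, void (*mid)(struct request *))
{
    struct wq_head *head = req->head;
    if (!head) { if (mid) mid(req); return 0; }
    head->locked = 1;                        /* waker excluded while held */
    req->flags |= DOUBLE_POLL;
    head->locked = 0;
    return 1;
}

/* Replays the diagram; detach=0 gives the uncontended case. Returns flags. */
static unsigned replay(int fixed, int detach)
{
    struct wq_head wq = { 0 };
    struct request req = { SINGLE_POLL, &wq };
    if (detach) wake_detach(&req);           /* poll->head = NULL */
    (fixed ? prepare_fixed : prepare_racy)(&req, wake_clear);
    return req.flags;
}

int main(void)
{
    printf("racy=%#x fixed=%#x\n", replay(0, 1), replay(1, 1));
    return 0;
}
```

In the racy replay the waker's cleared `SINGLE_POLL` bit reappears alongside `DOUBLE_POLL`; in the fixed replay only the waker has written the flags.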
