| Message ID | 594cc3cae8b479df473ac7711ede07e85bc6e266.1735407348.git.asml.silence@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [1/1] io_uring/rw: fix downgraded mshot read | expand |
On 12/28/24 17:36, Pavel Begunkov wrote: > The iowq path can downgrade a multishot request to the oneshot mode, > however io_read_mshot() doesn't handle that and would still post > multiple CQEs. That's not allowed, because io_req_post_cqe() requires > stricter context requirements. > > The described can only happen with pollable files that don't support > FMODE_NOWAIT, which is an odd combination, so if even allowed it should > be fairly rare. > > Cc: stable@vger.kernel.org > Reported-by: chase xd <sl1589472800@gmail.com> > Fixes: bee1d5becdf5b ("io_uring: disable io-wq execution of multishot NOWAIT requests") > Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> > --- > io_uring/rw.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/io_uring/rw.c b/io_uring/rw.c > index b1db4595788b..c212d57df6e5 100644 > --- a/io_uring/rw.c > +++ b/io_uring/rw.c > @@ -1066,6 +1066,8 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) > io_kbuf_recycle(req, issue_flags); > if (ret < 0) > req_set_fail(req); > + } else if (req->flags & REQ_F_APOLL_MULTISHOT) { > + cflags = io_put_kbuf(req, ret, issue_flags); Oops, this one is broken, misses inversion.
diff --git a/io_uring/rw.c b/io_uring/rw.c index b1db4595788b..c212d57df6e5 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -1066,6 +1066,8 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) io_kbuf_recycle(req, issue_flags); if (ret < 0) req_set_fail(req); + } else if (req->flags & REQ_F_APOLL_MULTISHOT) { + cflags = io_put_kbuf(req, ret, issue_flags); } else { /* * Any successful return value will keep the multishot read
The iowq path can downgrade a multishot request to the oneshot mode, however io_read_mshot() doesn't handle that and would still post multiple CQEs. That's not allowed, because io_req_post_cqe() requires stricter context requirements. The described can only happen with pollable files that don't support FMODE_NOWAIT, which is an odd combination, so if even allowed it should be fairly rare. Cc: stable@vger.kernel.org Reported-by: chase xd <sl1589472800@gmail.com> Fixes: bee1d5becdf5b ("io_uring: disable io-wq execution of multishot NOWAIT requests") Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> --- io_uring/rw.c | 2 ++ 1 file changed, 2 insertions(+)