diff options
| author | Jens Axboe <axboe@kernel.dk> | 2020-08-15 11:44:50 -0700 | 
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2020-08-15 11:48:18 -0700 | 
| commit | d4e7cd36a90e38e0276d6ce0c20f5ccef17ec38c (patch) | |
| tree | 83fc34f8254636016e92f9eaca00479f3526b73c /lib/string_helpers.c | |
| parent | 227c0c9673d86732995474d277f84e08ee763e46 (diff) | |
io_uring: sanitize double poll handling
There's a bit of confusion on the matching pairs of poll vs double poll,
depending on if the request is a pure poll (IORING_OP_POLL_ADD) or
poll driven retry.
Add io_poll_get_double() that returns the double poll waitqueue, if any,
and io_poll_get_single() that returns the original poll waitqueue. With
that, remove the argument to io_poll_remove_double().
Finally ensure that wait->private is cleared once the double poll handler
has run, so that remove knows it's already been seen.
Cc: stable@vger.kernel.org # v5.8
Reported-by: syzbot+7f617d4a9369028b8a2c@syzkaller.appspotmail.com
Fixes: 18bceab101ad ("io_uring: allow POLL_ADD with double poll_wait() users")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'lib/string_helpers.c')
0 files changed, 0 insertions, 0 deletions
