io_uring: disallow self-propelled ring polling

When we post a CQE we wake all ring pollers as it normally should be.
However, if a CQE was generated by a multishot poll request targeting
its own ring, it'll wake that request up, which will make it to post
a new CQE, which will wake the request and so on until it exhausts all
CQ entries.

Don't allow multishot polling io_uring files but downgrade them to
oneshots, which was always stated as a correct behaviour that the
userspace should check for.

Cc: stable@vger.kernel.org
Fixes: aa43477b04025 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/3124038c0e7474d427538c2d915335ec28c92d21.1668785722.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/poll.c b/io_uring/poll.c
index c34019b..055632e 100644 (file)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -246,6 +246,8 @@ static int io_poll_check_events(struct io_kiocb *req, bool *locked)
                        continue;
                if (req->apoll_events & EPOLLONESHOT)
                        return IOU_POLL_DONE;
+               if (io_is_uring_fops(req->file))
+                       return IOU_POLL_DONE;
 
                /* multishot, just fill a CQE and proceed */
                if (!(req->flags & REQ_F_APOLL_MULTISHOT)) {