On 1/5/22 7:26 AM, Eric Biggers wrote:
On Thu, Dec 09, 2021 at 02:46:45PM -0700, Jens Axboe wrote:
On 12/9/21 11:00 AM, Linus Torvalds wrote:
On Wed, Dec 8, 2021 at 5:06 PM Eric Biggers ebiggers@kernel.org wrote:
Careful review is appreciated; the aio poll code is very hard to work with, and it doesn't appear to have many tests. I've verified that it passes the libaio test suite, which provides some coverage of poll.
Note, it looks like io_uring has the same bugs as aio poll. I haven't tried to fix io_uring.
I'm hoping Jens is looking at the io_ring case, but I'm also assuming that I'll just get a pull request for this at some point.
Yes, when I saw this original posting I did discuss it with Pavel as well, and we agree that the same issue exists there. Which isn't too surprising, as that's where the io_uring poll code from originally.
Jens, any update on fixing the io_uring version of the bug? Note, syzbot has managed to use io_uring poll to hit the WARN_ON_ONCE() that I added in __wake_up_pollfree(), which proves that it is broken.
There are two parts to this, first part is queued up for 5.17 for a few weeks. Work in progress...