From: Jens Axboe <axboe@kernel.dk>
Date: Mon, 27 Mar 2023 19:56:18 -0600
Subject: [PATCH] io_uring/poll: clear single/double poll flags on poll arming
References: bsc#1012628
Patch-mainline: 6.2.10
Git-commit: 005308f7bdacf5685ed1a431244a183dbbb9e0e8

commit 005308f7bdacf5685ed1a431244a183dbbb9e0e8 upstream.

Unless we have at least one entry queued, then don't call into
io_poll_remove_entries(). Normally this isn't possible, but if we
retry poll then we can have ->nr_entries cleared again as we're
setting it up. If this happens for a poll retry, then we'll still have
at least REQ_F_SINGLE_POLL set. io_poll_remove_entries() then thinks
it has entries to remove.

Clear REQ_F_SINGLE_POLL and REQ_F_DOUBLE_POLL unconditionally when
arming a poll request.

Fixes: c16bda37594f ("io_uring/poll: allow some retries for poll triggering spuriously")
Cc: stable@vger.kernel.org
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 io_uring/poll.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/io_uring/poll.c b/io_uring/poll.c
index fea739ee..666666ab 100644
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -724,6 +724,7 @@ int io_arm_poll_handler(struct io_kiocb *req, unsigned issue_flags)
 	apoll = io_req_alloc_apoll(req, issue_flags);
 	if (!apoll)
 		return IO_APOLL_ABORTED;
+	req->flags &= ~(REQ_F_SINGLE_POLL | REQ_F_DOUBLE_POLL);
 	req->flags |= REQ_F_POLLED;
 	ipt.pt._qproc = io_async_queue_proc;
 
-- 
2.35.3