Message ID | 20231105223008.125563-3-dyudaken@gmail.com (mailing list archive) |
---|---|
State | New |
Series | io_uring: mshot read fix for buffer size changes |
On 11/5/23 3:30 PM, Dylan Yudaken wrote:
> When doing a multishot read, the code path reuses the old read
> paths. However this breaks an assumption built into those paths,
> namely that struct io_rw::len is available for reuse by __io_import_iovec.
>
> For multishot this results in len being set for the first receive
> call, and then subsequent calls are clamped to that buffer length incorrectly.

Should we just reset this to 0 always in io_read_mshot()? And preferably
with a comment added as well as to why that is necessary to avoid
repeated clamping.

On Mon, Nov 6, 2023 at 2:46 PM Jens Axboe <axboe@kernel.dk> wrote:
>
> On 11/5/23 3:30 PM, Dylan Yudaken wrote:
> > When doing a multishot read, the code path reuses the old read
> > paths. However this breaks an assumption built into those paths,
> > namely that struct io_rw::len is available for reuse by __io_import_iovec.
> >
> > For multishot this results in len being set for the first receive
> > call, and then subsequent calls are clamped to that buffer length incorrectly.
>
> Should we just reset this to 0 always in io_read_mshot()? And preferably
> with a comment added as well as to why that is necessary to avoid
> repeated clamping.

Unfortunately I don't think (without testing) that will work.
Sometimes the request comes into io_read_mshot with the buffer already
selected, and the length cannot be touched in that case.

We could check if the buffer is set, and if not clear the length I guess.
I'm a bit unsure which is better - both seem equally ugly to be honest.

On 11/6/23 8:33 AM, Dylan Yudaken wrote:
> On Mon, Nov 6, 2023 at 2:46 PM Jens Axboe <axboe@kernel.dk> wrote:
>>
>> On 11/5/23 3:30 PM, Dylan Yudaken wrote:
>>> When doing a multishot read, the code path reuses the old read
>>> paths. However this breaks an assumption built into those paths,
>>> namely that struct io_rw::len is available for reuse by __io_import_iovec.
>>>
>>> For multishot this results in len being set for the first receive
>>> call, and then subsequent calls are clamped to that buffer length incorrectly.
>>
>> Should we just reset this to 0 always in io_read_mshot()? And preferably
>> with a comment added as well as to why that is necessary to avoid
>> repeated clamping.
>
> Unfortunately I don't think (without testing) that will work.
> Sometimes the request
> comes into io_read_mshot with the buffer already selected, and the
> length cannot
> be touched in that case.
>
> We could check if the buffer is set, and if not clear the length I guess.
> I'm a bit unsure which is better - both seem equally ugly to be honest.

I mean do it at the end when we complete it, so it's reset for the next
iteration. But yeah, I'd want to have the test case verify this first :-)

On 11/6/23 8:46 AM, Jens Axboe wrote:
> On 11/6/23 8:33 AM, Dylan Yudaken wrote:
>> On Mon, Nov 6, 2023 at 2:46 PM Jens Axboe <axboe@kernel.dk> wrote:
>>>
>>> On 11/5/23 3:30 PM, Dylan Yudaken wrote:
>>>> When doing a multishot read, the code path reuses the old read
>>>> paths. However this breaks an assumption built into those paths,
>>>> namely that struct io_rw::len is available for reuse by __io_import_iovec.
>>>>
>>>> For multishot this results in len being set for the first receive
>>>> call, and then subsequent calls are clamped to that buffer length incorrectly.
>>>
>>> Should we just reset this to 0 always in io_read_mshot()? And preferably
>>> with a comment added as well as to why that is necessary to avoid
>>> repeated clamping.
>>
>> Unfortunately I don't think (without testing) that will work.
>> Sometimes the request
>> comes into io_read_mshot with the buffer already selected, and the
>> length cannot
>> be touched in that case.
>>
>> We could check if the buffer is set, and if not clear the length I guess.
>> I'm a bit unsure which is better - both seem equally ugly to be honest.
>
> I mean do it at the end when we complete it, so it's reset for the next
> iteration. But yeah, I'd want to have the test case verify this first
> :-)

Something ala the below?

diff --git a/io_uring/rw.c b/io_uring/rw.c index 9e3e56b74e35..9121832eadec 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -932,6 +932,12 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) * Any successful return value will keep the multishot read armed. */ if (ret > 0) { + /* + * Reset rw->len to 0 again to avoid clamping future mshot + * reads, in case the buffer size varies. + */ + io_kiocb_to_cmd(req, struct io_rw)->len = 0; + /* * Put our buffer and post a CQE. If we fail to post a CQE, then * jump to the termination path. This request is then done.
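
Review bot: the reset in io_read_mshot() sits only inside the `if (ret > 0)` branch, so any exit from this function that happens after a buffer was selected but without a successful read is not covered by the visible lines. Confirm whether rw->len can keep the previous buffer's length across such a retry, and clear it on that path too if so. The new comment would also be clearer if it dropped "again" and said that len is reused as the limit for the next buffer selection, which is the reason a stale value clamps later reads.
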
diff --git a/io_uring/rw.c b/io_uring/rw.c index ea86498d8769..b7f7fbc28032 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -417,6 +417,8 @@ static struct iovec *__io_import_iovec(int ddir, struct io_kiocb *req, if (!io_issue_defs[opcode].vectored || req->flags & REQ_F_BUFFER_SELECT) { if (io_do_buffer_select(req)) { + if (opcode == IORING_OP_READ_MULTISHOT) + sqe_len = 0; buf = io_buffer_select(req, &sqe_len, issue_flags); if (!buf) return ERR_PTR(-ENOBUFS);
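
Review bot: the two added lines in __io_import_iovec() carry no comment, and an opcode test inside the shared import path is easy to misread later. Add a short comment above `if (opcode == IORING_OP_READ_MULTISHOT)` saying that sqe_len is zeroed so the length left over from the previous buffer is not reused as the limit for the next selection. It is also worth stating in the commit message whether discarding a non-zero length for this opcode is intended, since after this change sqe_len is always 0 whenever a buffer is selected for a multishot read.
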
When doing a multishot read, the code path reuses the old read
paths. However this breaks an assumption built into those paths,
namely that struct io_rw::len is available for reuse by __io_import_iovec.

For multishot this results in len being set for the first receive
call, and then subsequent calls are clamped to that buffer length incorrectly.

Fixes: fc68fcda0491 ("io_uring/rw: add support for IORING_OP_READ_MULTISHOT")
Signed-off-by: Dylan Yudaken <dyudaken@gmail.com>
---
 io_uring/rw.c | 2 ++
 1 file changed, 2 insertions(+)
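
The clamping described in the commit message can be reproduced in a small user-space model. This is an added example, not code from the patch or from the kernel: the struct and function names are hypothetical, the buffer sizes are constructed, and the selection rule (a zero length means "use the whole buffer", a non-zero length is an upper bound that gets written back) and the initial length of 0 are assumptions of the model.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified user-space model of the behaviour described in the commit
 * message. Not kernel code; all names are hypothetical. */
struct provided_buf { size_t len; };  /* one provided buffer */
struct rw_model { size_t len; };      /* stands in for struct io_rw::len */

/* Assumed selection rule: len == 0 means "use the whole buffer";
 * a non-zero len is an upper bound and is capped to the buffer size. */
static size_t select_buffer(const struct provided_buf *b, size_t *len)
{
    if (*len == 0 || *len > b->len)
        *len = b->len;   /* the result is written back into rw->len */
    return *len;
}

/* One multishot iteration. reset_len models clearing len after a
 * successful read, as proposed in the thread. */
static size_t mshot_iteration(struct rw_model *rw, const struct provided_buf *b,
                              size_t available, int reset_len)
{
    size_t max = select_buffer(b, &rw->len);
    size_t got = available < max ? available : max;

    if (got > 0 && reset_len)
        rw->len = 0;
    return got;
}

/* Bytes returned by iteration n (0-based) over constructed buffers. */
static size_t nth_read(int reset_len, int n)
{
    const struct provided_buf bufs[] = { {32}, {64}, {128} };  /* constructed */
    struct rw_model rw = { 0 };   /* assumption: request starts with len 0 */
    size_t got = 0;

    for (int i = 0; i <= n && i < 3; i++)
        got = mshot_iteration(&rw, &bufs[i], 1000, reset_len);
    return got;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("read %d: stale len -> %zu bytes, reset len -> %zu bytes\n",
               i, nth_read(0, i), nth_read(1, i));
    return 0;
}
```

With the stale length every read after the first stays at the size of the first buffer, even though later buffers are larger; with the reset each read can fill the buffer it was given.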