| Message ID | 20250401195355.1613813-1-dw@davidwei.uk (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] io_uring/zcrx: return early from io_zcrx_recv_skb if readlen is 0 | expand |
On 4/1/25 1:53 PM, David Wei wrote: > When readlen is set for a recvzc request, tcp_read_sock() will call > io_zcrx_recv_skb() one final time with len == desc->count == 0. This is > caused by the !desc->count check happening too late. The offset + 1 != > skb->len happens earlier and causes the while loop to continue. > > Fix this in io_zcrx_recv_skb() instead of tcp_read_sock(). Return early > if len is 0 i.e. the read is done. > > Changes in v2: > -------------- > * Add Fixes tag > * Return 0 directly > * Add comment explaining why the !len check is needed > > Fixes: 6699ec9a23f8 ("io_uring/zcrx: add a read limit to recvzc requests") > Signed-off-by: David Wei <dw@davidwei.uk> > --- > io_uring/zcrx.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c > index 9c95b5b6ec4e..2c8b29c745c5 100644 > --- a/io_uring/zcrx.c > +++ b/io_uring/zcrx.c > @@ -818,6 +818,13 @@ io_zcrx_recv_skb(read_descriptor_t *desc, struct sk_buff *skb, > int ret = 0; > > len = min_t(size_t, len, desc->count); > + /* __tcp_read_sock() always calls io_zcrx_recv_skb one last time, even > + * if desc->count is already 0. This is caused by the if (offset + 1 != > + * skb->len) check. Return early in this case to break out of > + * __tcp_read_sock(). > + */ > + if (!len) > + return 0; > if (unlikely(args->nr_skbs++ > IO_SKBS_PER_CALL_LIMIT)) > return -EAGAIN; Bad comment format, but I can fix it up while applying. Thanks!
On Tue, 01 Apr 2025 12:53:55 -0700, David Wei wrote: > When readlen is set for a recvzc request, tcp_read_sock() will call > io_zcrx_recv_skb() one final time with len == desc->count == 0. This is > caused by the !desc->count check happening too late. The offset + 1 != > skb->len happens earlier and causes the while loop to continue. > > Fix this in io_zcrx_recv_skb() instead of tcp_read_sock(). Return early > if len is 0 i.e. the read is done. > > [...] Applied, thanks! [1/1] io_uring/zcrx: return early from io_zcrx_recv_skb if readlen is 0 commit: fcfd94d6967a98e88b834c9fd81e73c5f04d83dc Best regards,
diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c index 9c95b5b6ec4e..2c8b29c745c5 100644 --- a/io_uring/zcrx.c +++ b/io_uring/zcrx.c @@ -818,6 +818,13 @@ io_zcrx_recv_skb(read_descriptor_t *desc, struct sk_buff *skb, int ret = 0; len = min_t(size_t, len, desc->count); + /* __tcp_read_sock() always calls io_zcrx_recv_skb one last time, even + * if desc->count is already 0. This is caused by the if (offset + 1 != + * skb->len) check. Return early in this case to break out of + * __tcp_read_sock(). + */ + if (!len) + return 0; if (unlikely(args->nr_skbs++ > IO_SKBS_PER_CALL_LIMIT)) return -EAGAIN;
When readlen is set for a recvzc request, tcp_read_sock() will call io_zcrx_recv_skb() one final time with len == desc->count == 0. This is caused by the !desc->count check happening too late. The offset + 1 != skb->len happens earlier and causes the while loop to continue. Fix this in io_zcrx_recv_skb() instead of tcp_read_sock(). Return early if len is 0 i.e. the read is done. Changes in v2: -------------- * Add Fixes tag * Return 0 directly * Add comment explaining why the !len check is needed Fixes: 6699ec9a23f8 ("io_uring/zcrx: add a read limit to recvzc requests") Signed-off-by: David Wei <dw@davidwei.uk> --- io_uring/zcrx.c | 7 +++++++ 1 file changed, 7 insertions(+)