On 11/6/23 8:46 AM, Jens Axboe wrote:
> On 11/6/23 8:33 AM, Dylan Yudaken wrote:
>> On Mon, Nov 6, 2023 at 2:46?PM Jens Axboe <axboe@xxxxxxxxx> wrote:
>>>
>>> On 11/5/23 3:30 PM, Dylan Yudaken wrote:
>>>> When doing a multishot read, the code path reuses the old read
>>>> paths. However this breaks an assumption built into those paths,
>>>> namely that struct io_rw::len is available for reuse by __io_import_iovec.
>>>>
>>>> For multishot this results in len being set for the first receive
>>>> call, and then subsequent calls are clamped to that buffer length incorrectly.
>>>
>>> Should we just reset this to 0 always in io_read_mshot()? And preferably
>>> with a comment added as well as to why that is necessary to avoid
>>> repeated clamping.
>>
>> Unfortunately I don't think (without testing) that will work.
>> Sometimes the request
>> comes into io_read_mshot with the buffer already selected, and the
>> length cannot
>> be touched in that case.
>>
>> We could check if the buffer is set, and if not clear the length I guess.
>> I'm a bit unsure which is better - both seem equally ugly to be honest.
>
> I mean do it at the end when we complete it, so it's reset for the next
> iteration. But yeah, I'd want to have the test case verify this first
> :-)
Something ala the below?
diff --git a/io_uring/rw.c b/io_uring/rw.c
index 9e3e56b74e35..9121832eadec 100644
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -932,6 +932,12 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags)
* Any successful return value will keep the multishot read armed.
*/
if (ret > 0) {
+ /*
+ * Reset rw->len to 0 again to avoid clamping future mshot
+ * reads, in case the buffer size varies.
+ */
+ io_kiocb_to_cmd(req, struct io_rw)->len = 0;
+
/*
* Put our buffer and post a CQE. If we fail to post a CQE, then
* jump to the termination path. This request is then done.
--
Jens Axboe
