On 11/6/23 8:46 AM, Jens Axboe wrote: > On 11/6/23 8:33 AM, Dylan Yudaken wrote: >> On Mon, Nov 6, 2023 at 2:46?PM Jens Axboe <axboe@xxxxxxxxx> wrote: >>> >>> On 11/5/23 3:30 PM, Dylan Yudaken wrote: >>>> When doing a multishot read, the code path reuses the old read >>>> paths. However this breaks an assumption built into those paths, >>>> namely that struct io_rw::len is available for reuse by __io_import_iovec. >>>> >>>> For multishot this results in len being set for the first receive >>>> call, and then subsequent calls are clamped to that buffer length incorrectly. >>> >>> Should we just reset this to 0 always in io_read_mshot()? And preferably >>> with a comment added as well as to why that is necessary to avoid >>> repeated clamping. >> >> Unfortunately I don't think (without testing) that will work. >> Sometimes the request >> comes into io_read_mshot with the buffer already selected, and the >> length cannot >> be touched in that case. >> >> We could check if the buffer is set, and if not clear the length I guess. >> I'm a bit unsure which is better - both seem equally ugly to be honest. > > I mean do it at the end when we complete it, so it's reset for the next > iteration. But yeah, I'd want to have the test case verify this first > :-) Something ala the below? diff --git a/io_uring/rw.c b/io_uring/rw.c index 9e3e56b74e35..9121832eadec 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -932,6 +932,12 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) * Any successful return value will keep the multishot read armed. */ if (ret > 0) { + /* + * Reset rw->len to 0 again to avoid clamping future mshot + * reads, in case the buffer size varies. + */ + io_kiocb_to_cmd(req, struct io_rw)->len = 0; + /* * Put our buffer and post a CQE. If we fail to post a CQE, then * jump to the termination path. This request is then done. -- Jens Axboe