On Mon, Feb 10, 2025 at 10:12:44PM +0800, Ming Lei wrote:
> On Mon, Feb 03, 2025 at 07:45:14AM -0800, Keith Busch wrote:
> > + rq_for_each_bvec(bv, rq, rq_iter) {
> > + get_page(bv.bv_page);
> > + node->buf->bvec[i].bv_page = bv.bv_page;
> > + node->buf->bvec[i].bv_len = bv.bv_len;
> > + node->buf->bvec[i].bv_offset = bv.bv_offset;
> > + i++;
>
> In this patchset, ublk request buffer may cross uring OPs, so it is inevitable
> for buggy application to complete IO command & ublk request before
> io_uring read/write OP using the buffer/page is completed.

The buggy app would have to both complete the requests and unregister the
fixed buffer (the registration takes a reference, too) while having backend
requests in flight using that registered buffer. That could happen, which is
why the page references are elevated. It should contain the fallout of the
buggy application to the application's memory.

But if this is really a scenario that we must prevent from happening, then I
think the indirect callback is really the best option. It's not a big deal, I
just wanted to try to avoid it.
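Review bot: rq_for_each_bvec() walks multi-page bvecs, so the get_page(bv.bv_page) in the quoted loop pins only the first page of each bvec; if a bvec here can cover more than one non-compound page, either iterate with rq_for_each_segment() so every page is visited, or take a reference on each page spanned by bv_len. Whichever form is kept, the release path should drop exactly one reference per bvec entry that was populated before i was incremented, including when population is abandoned partway, since the loop as shown has no bound check on i against the number of bvec slots allocated in node->buf.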
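The reference-counting argument in the reply above, as an added, self-contained user-space model that is not ublk or io_uring code: toy `struct page` and `struct buf_node` types (assumed names, standing in for the kernel's page refcount and the registered-buffer node) let the same sequence be replayed with and without the get_page() taken at registration. The buggy application completes the request and unregisters the buffer while a backend op is still in flight; with the pages pinned, they stay alive until the last backend reference drops, and without pinning the backend sees freed pages. The scenario and its page contents are constructed for the example.

```c
#include <assert.h>
#include <stdbool.h>
#include <string.h>

#define NR_PAGES 2

/* Toy stand-in for struct page (assumed model): refcount 0 means freed. */
struct page {
	int refcount;
	bool freed;
	unsigned char data[16];
};

static void get_page(struct page *p)
{
	assert(!p->freed);
	p->refcount++;
}

static void put_page(struct page *p)
{
	assert(p->refcount > 0);
	if (--p->refcount == 0) {
		p->freed = true;
		memset(p->data, 0xde, sizeof p->data); /* poison, as freed memory would be */
	}
}

struct bio_vec {
	struct page *bv_page;
	unsigned bv_len;
	unsigned bv_offset;
};

/* Registered-buffer node (assumed model): bvec copy plus its own reference count.
 * refs = 1 for the registration itself, +1 per in-flight backend op. */
struct buf_node {
	struct bio_vec bvec[NR_PAGES];
	int nr_bvec;
	int refs;
	bool pinned;
};

static void node_get(struct buf_node *n) { n->refs++; }

static void node_put(struct buf_node *n)
{
	if (--n->refs)
		return;
	/* Last reference gone: drop the page references taken at registration. */
	if (n->pinned)
		for (int i = 0; i < n->nr_bvec; i++)
			put_page(n->bvec[i].bv_page);
}

/* Copy the request's bvecs into the node, optionally pinning each page
 * (the shape of the quoted loop, one page per bvec in this model). */
static void register_request_pages(struct buf_node *n, struct page *pages, bool pin)
{
	n->nr_bvec = 0;
	n->refs = 1;
	n->pinned = pin;
	for (int i = 0; i < NR_PAGES; i++) {
		if (pin)
			get_page(&pages[i]);
		n->bvec[i].bv_page = &pages[i];
		n->bvec[i].bv_len = sizeof pages[i].data;
		n->bvec[i].bv_offset = 0;
		n->nr_bvec++;
	}
}

struct outcome {
	int alive_while_backend_in_flight; /* pages still valid when the backend op runs */
	int alive_after_backend_done;      /* pages still held after the last reference drops */
};

struct outcome run_scenario(bool pin)
{
	struct page pages[NR_PAGES];
	struct buf_node node;
	struct outcome o = {0, 0};

	/* Request arrives: its bio holds one reference on each page. */
	for (int i = 0; i < NR_PAGES; i++) {
		pages[i].refcount = 1;
		pages[i].freed = false;
		memset(pages[i].data, 0x41, sizeof pages[i].data);
	}

	register_request_pages(&node, pages, pin);

	/* A backend read/write op against the fixed buffer takes its own reference. */
	node_get(&node);

	/* Buggy app: completes the ublk request (bio drops its page references)
	 * and unregisters the buffer while the backend op is still in flight. */
	for (int i = 0; i < NR_PAGES; i++)
		put_page(&pages[i]);
	node_put(&node);

	/* The backend op now touches the pages: are they still alive? */
	for (int i = 0; i < node.nr_bvec; i++)
		if (!node.bvec[i].bv_page->freed)
			o.alive_while_backend_in_flight++;

	/* Backend op completes and drops the last reference. */
	node_put(&node);
	for (int i = 0; i < NR_PAGES; i++)
		if (!pages[i].freed)
			o.alive_after_backend_done++;
	return o;
}
```

With `pin` set, both pages survive the premature completion and are released only when the backend op's reference goes away; with `pin` clear, the backend op runs against pages that are already freed, which is exactly the use-after-free the elevated references are there to contain.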