Hi, if the initial operation returns EAGAIN (and REQ_F_NOWAIT) is not set, io_submit_sqe copies the SQE for processing in a worker. The worker will then read from the SQE copy to determine (some) parameters for operations, but not all of those parameters will be validated again, as the initial operation sets REQ_F_PREPPED. So between the initial operation and the memcpy is a race in which the application could change the SQE: for example it could change from IORING_OP_FSYNC to IORING_OP_READV, which would result in broken kiocb data afaict. The only way around that I can see right now is copying the SQE in io_submit_sqe (moving the call to io_cqring_add_event to io_submit_sqe should simplify this afaict): does that sound acceptable? cheers, Stefan
