On 5/3/19 4:22 AM, Stefan Bühler wrote:
> Hi,
>
> If the initial operation returns EAGAIN (and REQ_F_NOWAIT is not set),
> io_submit_sqe copies the SQE for processing in a worker.
>
> The worker will then read from the SQE copy to determine (some)
> parameters for operations, but not all of those parameters will be
> validated again, as the initial operation sets REQ_F_PREPPED.
>
> So between the initial operation and the memcpy is a race in which the
> application could change the SQE: for example it could change from
> IORING_OP_FSYNC to IORING_OP_READV, which would result in broken kiocb
> data afaict.
>
> The only way around that I can see right now is copying the SQE in
> io_submit_sqe (moving the call to io_cqring_add_event to io_submit_sqe
> should simplify this afaict): does that sound acceptable?

I'd be inclined to just fold the prep into the regular handling. The only
prep routine that does any significant work is the read/write one, and if
we're punting to async anyway, it's not a huge hit. If we do that, then we
can get rid of the PREPPED flag and the separate need to call
io_prep_xxx() for the command type.

-- 
Jens Axboe
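The double-fetch race described in the thread, reduced to a constructed C model (added here; not code from the thread or from io_uring): the first routine validates the opcode against the shared entry and copies it only later, so a write landing in between is dispatched without re-validation, while the second snapshots the entry before validating, which is the copy-first approach Stefan proposes. `struct sqe`, the opcode values and the `race_hook_t` callback that stands in for the application's concurrent write are simplified stand-ins, not the real `struct io_uring_sqe`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a submission queue entry in shared memory. */
enum { OP_FSYNC = 1, OP_READV = 2 };
struct sqe {
    uint8_t  opcode;
    uint64_t addr;   /* iovec pointer for READV; unused for FSYNC */
};

/* Simulates the application writing to the ring in the window between the
 * kernel's first read and its later copy. NULL means no concurrent write. */
typedef void (*race_hook_t)(struct sqe *shared);

/* Double-fetch pattern: validate against shared memory, punt, then copy the
 * entry again for the worker. Returns the opcode the worker would dispatch
 * on, or -1 if the first validation rejected the entry. */
static int submit_double_fetch(struct sqe *shared, race_hook_t race)
{
    if (shared->opcode != OP_FSYNC)      /* first fetch: prep validates fsync */
        return -1;
    if (race)                            /* EAGAIN -> punted; app writes here */
        race(shared);
    struct sqe copy;
    memcpy(&copy, shared, sizeof(copy)); /* second fetch: now a different op */
    return copy.opcode;
}

/* Single-fetch pattern: snapshot first, then validate and dispatch only from
 * the private copy, so a later write to the ring is never observed. */
static int submit_single_fetch(struct sqe *shared, race_hook_t race)
{
    struct sqe copy;
    memcpy(&copy, shared, sizeof(copy));
    if (copy.opcode != OP_FSYNC)
        return -1;
    if (race)
        race(shared);                    /* too late: worker uses the copy */
    return copy.opcode;
}

/* Constructed concurrent write: flips a validated fsync into a readv. */
static void flip_to_readv(struct sqe *shared) { shared->opcode = OP_READV; }

/* Helpers that run each pattern on a fresh fsync entry under the race. */
int demo_double_fetch(void) { struct sqe s = { OP_FSYNC, 0 }; return submit_double_fetch(&s, flip_to_readv); }
int demo_single_fetch(void) { struct sqe s = { OP_FSYNC, 0 }; return submit_single_fetch(&s, flip_to_readv); }
int demo_single_fetch_rejects(void) { struct sqe s = { OP_READV, 0 }; return submit_single_fetch(&s, NULL); }

int main(void)
{
    printf("double fetch dispatches opcode %d (READV=%d)\n", demo_double_fetch(), OP_READV);
    printf("single fetch dispatches opcode %d (FSYNC=%d)\n", demo_single_fetch(), OP_FSYNC);
    return 0;
}
```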