On Fri, Jun 18, 2021 at 1:58 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Jun 18, 2021 at 01:32:26PM -0700, Omar Sandoval wrote:
>
> > RWF_ENCODED is intended to be used like this:
> >
> > struct encoded_iov encoded_iov = {
> > /* compression metadata */ ...
> > };
> > char compressed_data[] = ...;
> > struct iovec iov[] = {
> > { &encoded_iov, sizeof(encoded_iov) },
> > { compressed_data, sizeof(compressed_data) },
> > };
> > pwritev2(fd, iov, 2, -1, RWF_ENCODED);
> >
> > Basically, we squirrel away the compression metadata in the first
> > element of the iovec array, and we use iov[0].iov_len so that we can
> > support future extensions of struct encoded_iov in the style of
> > copy_struct_from_user().
>
> Yecchhh...
Al, this has been true since the beginning, and was the whole point of the set.
> Just put the size of the encoded part first and be done with that.
> Magical effect of the iovec sizes is a bloody bad idea.
That makes everything uglier and more complicated, honestly. Then
you'd have to do it in _two_ operations ("get the size, then get the
rest"), *AND* you'd have to worry about all the corner-cases (ie
people putting the structure in pieces across multiple iov entries.
So it would be slower, more complex, and much more likely to have bugs.
So no. Not acceptable. The "in the first iov" is simple, efficient,
and avoids all the problems.
The size *is* encoded already - in the iov itself. Encoding it
anywhere else is much worse.
The only issue I have is that the issue itself is kind of ugly -
regardless of any iov issues. And the "encryption" side of it doesn't
actually seem to be relevant or solvable using this model anyway, so
that side is questionable.
The alternative would be to have an ioctl rather than make this be
about the IO operations (and then that encoded data would be
explicitly separate).
Which I suggested originally, but apparently people who want to use
this had some real reasons not to.
But encoding the structure without having the rule of "first iov only"
is entirely unacceptable to me. See above. It's objectively much much
worse.
Linus
