tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

io_uring: fix buffer auto-commit for multishot uring_cmd

Commit 620a50c92700 ("io_uring: uring_cmd: add multishot support") added
multishot uring_cmd support with explicit buffer upfront commit via
io_uring_mshot_cmd_post_cqe(). However, the buffer selection path in
io_ring_buffer_select() was auto-committing buffers for non-pollable files,
which conflicts with uring_cmd's explicit upfront commit model.

This way consumes the whole selected buffer immediately, and causes
failure on the following buffer selection.

Fix this by checking uring_cmd to identify operations that handle buffer
commit explicitly, and skip auto-commit for these operations.

Cc: Caleb Sander Mateos <csander@purestorage.com>
Fixes: 620a50c92700 ("io_uring: uring_cmd: add multishot support")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

authored by

Ming Lei and committed by
Jens Axboe 6f1cbf6d c5efc6a0

+22 -11
+22 -11
io_uring/kbuf.c
··· 155 155 return 1; 156 156 } 157 157 158 + static bool io_should_commit(struct io_kiocb *req, unsigned int issue_flags) 159 + { 160 + /* 161 + * If we came in unlocked, we have no choice but to consume the 162 + * buffer here, otherwise nothing ensures that the buffer won't 163 + * get used by others. This does mean it'll be pinned until the 164 + * IO completes, coming in unlocked means we're being called from 165 + * io-wq context and there may be further retries in async hybrid 166 + * mode. For the locked case, the caller must call commit when 167 + * the transfer completes (or if we get -EAGAIN and must poll of 168 + * retry). 169 + */ 170 + if (issue_flags & IO_URING_F_UNLOCKED) 171 + return true; 172 + 173 + /* uring_cmd commits kbuf upfront, no need to auto-commit */ 174 + if (!io_file_can_poll(req) && req->opcode != IORING_OP_URING_CMD) 175 + return true; 176 + return false; 177 + } 178 + 158 179 static struct io_br_sel io_ring_buffer_select(struct io_kiocb *req, size_t *len, 159 180 struct io_buffer_list *bl, 160 181 unsigned int issue_flags) ··· 202 181 sel.buf_list = bl; 203 182 sel.addr = u64_to_user_ptr(buf->addr); 204 183 205 - if (issue_flags & IO_URING_F_UNLOCKED || !io_file_can_poll(req)) { 206 - /* 207 - * If we came in unlocked, we have no choice but to consume the 208 - * buffer here, otherwise nothing ensures that the buffer won't 209 - * get used by others. This does mean it'll be pinned until the 210 - * IO completes, coming in unlocked means we're being called from 211 - * io-wq context and there may be further retries in async hybrid 212 - * mode. For the locked case, the caller must call commit when 213 - * the transfer completes (or if we get -EAGAIN and must poll of 214 - * retry). 215 - */ 184 + if (io_should_commit(req, issue_flags)) { 216 185 io_kbuf_commit(req, sel.buf_list, *len, 1); 217 186 sel.buf_list = NULL; 218 187 }