Data Corruption bug with Samba's vfs_iouring and Linux 5.6.7/5.7rc3

Wed May 6 15:20:10 UTC 2020

Am 06.05.20 um 14:55 schrieb Pavel Begunkov:
> On 05/05/2020 23:19, Stefan Metzmacher wrote:
>> Hi Jens,
>>
>>> Got it working, but apparently the arch samba doesn't come with io_uring...
>>> One question, though, from looking at the source:
>>
>> Thanks for taking a look!
>>
>>> static ssize_t vfs_io_uring_pread_recv(struct tevent_req *req,
>>> 				  struct vfs_aio_state *vfs_aio_state)
>>> {
>>> [...]
>>> 	if (state->ur.cqe.res < 0) {
>>> 		vfs_aio_state->error = -state->ur.cqe.res;
>>> 		ret = -1;
>>> 	} else {
>>> 		vfs_aio_state->error = 0;
>>> 		ret = state->ur.cqe.res;
>>> 	}
>>>
>>> 	tevent_req_received(req);
>>> [...]
>>>
>>> I'm assuming this is dealing with short reads?
>>>
>>> I'll try and see if I can get an arch binary build that has the
>>> vfs_io_uring module and reproduce.
>>
>> I guess I don't expect short reads for files unless the client asked
>> for a read beyond EOF. Does IORING_OP_READV may return short reads
>> similar to preadv2 with RWF_NOWAIT? And if so, did this got changed
>> since 5.3?
> 
> AFAIK, it can. io_uring first tries to submit a request with IOCB_NOWAIT,
> in short for performance reasons. And it have been doing so from the beginning
> or so. The same is true for writes.

See the other mails in the thread. The test I wrote shows the
implicit IOCB_NOWAIT was not exposed to the caller in  (at least in 5.3
and 5.4).

I think the typical user don't want it to be exposed!
I'm not sure for blocking reads on a socket, but for files
below EOF it's really not what's expected.

If that behavior is desired RWF_NOWAIT can be used explicitly.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200506/bf46fe82/signature.sig>