Data Corruption bug with Samba's vfs_iouring and Linux 5.6.7/5.7rc3
jra at samba.org
Fri May 8 18:53:39 UTC 2020
On Fri, May 08, 2020 at 09:35:40PM +0530, Anoop C S wrote:
> Jeremy's patch(for handling short reads) still works with updated
> > Can you please also test the patch I posted here:
> > https://bugzilla.samba.org/show_bug.cgi?id=14361#c21
> Unfortunately copy failed to start with this patch set. I don't know if
> its because of updated kernel(v5.6.8 -> v5.6.10) but smbd terminated
> with SIGABRT right at the beginning of copy. I have attached backtrace
> and log file. Please have a look.
I see the problem. It's the reason I initially introduced
an immediate event, and then refactored my code to call
_vfs_io_uring_queue_run() in a loop if it returned 'need_retry'.
Metze's current code is recursive, and it's running out
But inside vfs_io_uring_queue_run() once a read |
completes it calls: |
cur->completion_fn() for pread is set to vfs_io_uring_pread_completion() |
(the ascii art will probably only work in fixed-font text mailers
but you should get the idea).
I don't think this pattern will work. You have to exit
from vfs_io_uring_queue_run() all the way out so that
you've called io_uring_cq_advance() to move the completion
queue forward before you can submit another request to
finish the short IO.
That's what my initial patch did with an immedate event,
until I got the idea of wrapping vfs_io_uring_queue_run()
inside a retry wrapper function.
I'll take a look to see if I can fix this so the short
read re-submission happens *outside* of vfs_io_uring_queue_run(),
as I think that's the only way to make this work.
More information about the samba-technical