Commit 07204f21 authored by Pavel Begunkov's avatar Pavel Begunkov Committed by Jens Axboe
Browse files

io_uring: fix EIOCBQUEUED iter revert 



iov_iter_revert() is done in completion handlers that happensf before
read/write returns -EIOCBQUEUED, no need to repeat reverting afterwards.
Moreover, even though it may appear being just a no-op, it's actually
races with 1) user forging a new iovec of a different size 2) reissue,
that is done via io-wq continues completely asynchronously.

Fixes: 3e6a0d3c ("io_uring: fix -EAGAIN retry with IOPOLL")
Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 696ee88a

fs/io_uring.c

+0 −4
Original line number Diff line number Diff line
@@ -3284,8 +3284,6 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags) 
	ret = io_iter_do_read(req, iter);



	if (ret == -EIOCBQUEUED) {

		if (req->async_data)

			iov_iter_revert(iter, io_size - iov_iter_count(iter));

		goto out_free;

	} else if (ret == -EAGAIN) {

		/* IOPOLL retry should happen for io-wq threads */
@@ -3418,8 +3416,6 @@ static int io_write(struct io_kiocb *req, unsigned int issue_flags) 
	/* no retry on NONBLOCK nor RWF_NOWAIT */

	if (ret2 == -EAGAIN && (req->flags & REQ_F_NOWAIT))

		goto done;

	if (ret2 == -EIOCBQUEUED && req->async_data)

		iov_iter_revert(iter, io_size - iov_iter_count(iter));

	if (!force_nonblock || ret2 != -EAGAIN) {

		/* IOPOLL retry should happen for io-wq threads */

		if ((req->ctx->flags & IORING_SETUP_IOPOLL) && ret2 == -EAGAIN)