--- /dev/null
+From 6f83ab22adcb77a5824d2c274dace0d99e21319f Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Mon, 11 Apr 2022 09:48:30 -0600
+Subject: io_uring: io_kiocb_update_pos() should not touch file for non -1 offset
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit 6f83ab22adcb77a5824d2c274dace0d99e21319f upstream.
+
+-1 tells use to use the current position, but we check if the file is
+a stream regardless of that. Fix up io_kiocb_update_pos() to only
+dip into file if we need to. This is both more efficient and also drops
+12 bytes of text on aarch64 and 64 bytes on x86-64.
+
+Fixes: b4aec4001595 ("io_uring: do not recalculate ppos unnecessarily")
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ io_uring/io_uring.c | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+--- a/io_uring/io_uring.c
++++ b/io_uring/io_uring.c
+@@ -3014,19 +3014,18 @@ static inline void io_rw_done(struct kio
+ static inline loff_t *io_kiocb_update_pos(struct io_kiocb *req)
+ {
+ struct kiocb *kiocb = &req->rw.kiocb;
+- bool is_stream = req->file->f_mode & FMODE_STREAM;
+
+- if (kiocb->ki_pos == -1) {
+- if (!is_stream) {
+- req->flags |= REQ_F_CUR_POS;
+- kiocb->ki_pos = req->file->f_pos;
+- return &kiocb->ki_pos;
+- } else {
+- kiocb->ki_pos = 0;
+- return NULL;
+- }
++ if (kiocb->ki_pos != -1)
++ return &kiocb->ki_pos;
++
++ if (!(req->file->f_mode & FMODE_STREAM)) {
++ req->flags |= REQ_F_CUR_POS;
++ kiocb->ki_pos = req->file->f_pos;
++ return &kiocb->ki_pos;
+ }
+- return is_stream ? NULL : &kiocb->ki_pos;
++
++ kiocb->ki_pos = 0;
++ return NULL;
+ }
+
+ static void kiocb_done(struct kiocb *kiocb, ssize_t ret,
--- /dev/null
+From 3e4cb6ebbb2bad201c1186bc0b7e8cf41dd7f7e6 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Thu, 29 Sep 2022 09:39:10 +0200
+Subject: io_uring/net: fix fast_iov assignment in io_setup_async_msg()
+
+From: Stefan Metzmacher <metze@samba.org>
+
+commit 3e4cb6ebbb2bad201c1186bc0b7e8cf41dd7f7e6 upstream.
+
+I hit a very bad problem during my tests of SENDMSG_ZC.
+BUG(); in first_iovec_segment() triggered very easily.
+The problem was io_setup_async_msg() in the partial retry case,
+which seems to happen more often with _ZC.
+
+iov_iter_iovec_advance() may change i->iov in order to have i->iov_offset
+being only relative to the first element.
+
+Which means kmsg->msg.msg_iter.iov is no longer the
+same as kmsg->fast_iov.
+
+But this would rewind the copy to be the start of
+async_msg->fast_iov, which means the internal
+state of sync_msg->msg.msg_iter is inconsitent.
+
+I tested with 5 vectors with length like this 4, 0, 64, 20, 8388608
+and got a short writes with:
+- ret=2675244 min_ret=8388692 => remaining 5713448 sr->done_io=2675244
+- ret=-EAGAIN => io_uring_poll_arm
+- ret=4911225 min_ret=5713448 => remaining 802223 sr->done_io=7586469
+- ret=-EAGAIN => io_uring_poll_arm
+- ret=802223 min_ret=802223 => res=8388692
+
+While this was easily triggered with SENDMSG_ZC (queued for 6.1),
+it was a potential problem starting with 7ba89d2af17aa879dda30f5d5d3f152e587fc551
+in 5.18 for IORING_OP_RECVMSG.
+And also with 4c3c09439c08b03d9503df0ca4c7619c5842892e in 5.19
+for IORING_OP_SENDMSG.
+
+However 257e84a5377fbbc336ff563833a8712619acce56 introduced the critical
+code into io_setup_async_msg() in 5.11.
+
+Fixes: 7ba89d2af17aa ("io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly")
+Fixes: 257e84a5377fb ("io_uring: refactor sendmsg/recvmsg iov managing")
+Cc: stable@vger.kernel.org
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
+Link: https://lore.kernel.org/r/b2e7be246e2fb173520862b0c7098e55767567a2.1664436949.git.metze@samba.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ io_uring/io_uring.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/io_uring/io_uring.c
++++ b/io_uring/io_uring.c
+@@ -4827,8 +4827,10 @@ static int io_setup_async_msg(struct io_
+ if (async_msg->msg.msg_name)
+ async_msg->msg.msg_name = &async_msg->addr;
+ /* if were using fast_iov, set it to the new one */
+- if (!async_msg->free_iov)
+- async_msg->msg.msg_iter.iov = async_msg->fast_iov;
++ if (!kmsg->free_iov) {
++ size_t fast_idx = kmsg->msg.msg_iter.iov - kmsg->fast_iov;
++ async_msg->msg.msg_iter.iov = &async_msg->fast_iov[fast_idx];
++ }
+
+ return -EAGAIN;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
