From: Greg Kroah-Hartman Date: Sun, 22 Jan 2023 14:51:41 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.14.304~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6ff9c063f8a873cd906b5425c89ee0f0a60e2e7e;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: io_uring-io_kiocb_update_pos-should-not-touch-file-for-non-1-offset.patch io_uring-net-fix-fast_iov-assignment-in-io_setup_async_msg.patch
---
diff --git a/queue-5.10/io_uring-io_kiocb_update_pos-should-not-touch-file-for-non-1-offset.patch b/queue-5.10/io_uring-io_kiocb_update_pos-should-not-touch-file-for-non-1-offset.patch
new file mode 100644
index 00000000000..c1aa77f7ded
--- /dev/null
+++ b/queue-5.10/io_uring-io_kiocb_update_pos-should-not-touch-file-for-non-1-offset.patch
@@ -0,0 +1,53 @@
+From 6f83ab22adcb77a5824d2c274dace0d99e21319f Mon Sep 17 00:00:00 2001
+From: Jens Axboe
+Date: Mon, 11 Apr 2022 09:48:30 -0600
+Subject: io_uring: io_kiocb_update_pos() should not touch file for non -1 offset
+
+From: Jens Axboe
+
+commit 6f83ab22adcb77a5824d2c274dace0d99e21319f upstream.
+
+-1 tells use to use the current position, but we check if the file is
+a stream regardless of that. Fix up io_kiocb_update_pos() to only
+dip into file if we need to. This is both more efficient and also drops
+12 bytes of text on aarch64 and 64 bytes on x86-64.
+
+Fixes: b4aec4001595 ("io_uring: do not recalculate ppos unnecessarily")
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ io_uring/io_uring.c | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+--- a/io_uring/io_uring.c
++++ b/io_uring/io_uring.c
+@@ -3011,19 +3011,18 @@ static inline void io_rw_done(struct kio
+ static inline loff_t *io_kiocb_update_pos(struct io_kiocb *req)
+ {
+ struct kiocb *kiocb = &req->rw.kiocb;
+- bool is_stream = req->file->f_mode & FMODE_STREAM;
+
+- if (kiocb->ki_pos == -1) {
+- if (!is_stream) {
+- req->flags |= REQ_F_CUR_POS;
+- kiocb->ki_pos = req->file->f_pos;
+- return &kiocb->ki_pos;
+- } else {
+- kiocb->ki_pos = 0;
+- return NULL;
+- }
++ if (kiocb->ki_pos != -1)
++ return &kiocb->ki_pos;
++
++ if (!(req->file->f_mode & FMODE_STREAM)) {
++ req->flags |= REQ_F_CUR_POS;
++ kiocb->ki_pos = req->file->f_pos;
++ return &kiocb->ki_pos;
+ }
+- return is_stream ? NULL : &kiocb->ki_pos;
++
++ kiocb->ki_pos = 0;
++ return NULL;
+ }
+
+ static void kiocb_done(struct kiocb *kiocb, ssize_t ret,
diff --git a/queue-5.10/io_uring-net-fix-fast_iov-assignment-in-io_setup_async_msg.patch b/queue-5.10/io_uring-net-fix-fast_iov-assignment-in-io_setup_async_msg.patch
new file mode 100644
index 00000000000..4810e68c795
--- /dev/null
+++ b/queue-5.10/io_uring-net-fix-fast_iov-assignment-in-io_setup_async_msg.patch
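Review bot: The three return paths of io_kiocb_update_pos() in the embedded patch encode a contract that is not written down anywhere in the hunk: a non-NULL result means the caller should use `kiocb->ki_pos`, while NULL means the file is FMODE_STREAM and has no position. A short comment above the function would make that explicit, for example `/* Returns &kiocb->ki_pos, or NULL for stream files; ki_pos == -1 means "use file->f_pos". */`. Separately, `kiocb->ki_pos = req->file->f_pos;` reads f_pos with no locking visible in the hunk, so two in-flight requests that both pass -1 on the same file could presumably start from the same position. It is worth confirming whether callers serialise this or whether the behaviour is accepted.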
@@ -0,0 +1,68 @@
+From 3e4cb6ebbb2bad201c1186bc0b7e8cf41dd7f7e6 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher
+Date: Thu, 29 Sep 2022 09:39:10 +0200
+Subject: io_uring/net: fix fast_iov assignment in io_setup_async_msg()
+
+From: Stefan Metzmacher
+
+commit 3e4cb6ebbb2bad201c1186bc0b7e8cf41dd7f7e6 upstream.
+
+I hit a very bad problem during my tests of SENDMSG_ZC.
+BUG(); in first_iovec_segment() triggered very easily.
+The problem was io_setup_async_msg() in the partial retry case,
+which seems to happen more often with _ZC.
+
+iov_iter_iovec_advance() may change i->iov in order to have i->iov_offset
+being only relative to the first element.
+
+Which means kmsg->msg.msg_iter.iov is no longer the
+same as kmsg->fast_iov.
+
+But this would rewind the copy to be the start of
+async_msg->fast_iov, which means the internal
+state of sync_msg->msg.msg_iter is inconsitent.
+
+I tested with 5 vectors with length like this 4, 0, 64, 20, 8388608
+and got a short writes with:
+- ret=2675244 min_ret=8388692 => remaining 5713448 sr->done_io=2675244
+- ret=-EAGAIN => io_uring_poll_arm
+- ret=4911225 min_ret=5713448 => remaining 802223 sr->done_io=7586469
+- ret=-EAGAIN => io_uring_poll_arm
+- ret=802223 min_ret=802223 => res=8388692
+
+While this was easily triggered with SENDMSG_ZC (queued for 6.1),
+it was a potential problem starting with 7ba89d2af17aa879dda30f5d5d3f152e587fc551
+in 5.18 for IORING_OP_RECVMSG.
+And also with 4c3c09439c08b03d9503df0ca4c7619c5842892e in 5.19
+for IORING_OP_SENDMSG.
+
+However 257e84a5377fbbc336ff563833a8712619acce56 introduced the critical
+code into io_setup_async_msg() in 5.11.
+
+Fixes: 7ba89d2af17aa ("io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly")
+Fixes: 257e84a5377fb ("io_uring: refactor sendmsg/recvmsg iov managing")
+Cc: stable@vger.kernel.org
+Signed-off-by: Stefan Metzmacher
+Reviewed-by: Pavel Begunkov
+Link: https://lore.kernel.org/r/b2e7be246e2fb173520862b0c7098e55767567a2.1664436949.git.metze@samba.org
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ io_uring/io_uring.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/io_uring/io_uring.c
++++ b/io_uring/io_uring.c
+@@ -4681,8 +4681,10 @@ static int io_setup_async_msg(struct io_
+ if (async_msg->msg.msg_name)
+ async_msg->msg.msg_name = &async_msg->addr;
+ /* if were using fast_iov, set it to the new one */
+- if (!async_msg->free_iov)
+- async_msg->msg.msg_iter.iov = async_msg->fast_iov;
++ if (!kmsg->free_iov) {
++ size_t fast_idx = kmsg->msg.msg_iter.iov - kmsg->fast_iov;
++ async_msg->msg.msg_iter.iov = &async_msg->fast_iov[fast_idx];
++ }
+
+ return -EAGAIN;
+ }
diff --git a/queue-5.10/series b/queue-5.10/series
index 82d6b7e47cc..b6157801ef5 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -87,3 +87,5 @@ s390-define-runtime_discard_exit-to-fix-link-error-with-gnu-ld-2.36.patch
 powerpc-vmlinux.lds-define-runtime_discard_exit.patch
 powerpc-vmlinux.lds-don-t-discard-.rela-for-relocatable-builds.patch
 powerpc-vmlinux.lds-don-t-discard-.comment.patch
+io_uring-io_kiocb_update_pos-should-not-touch-file-for-non-1-offset.patch
+io_uring-net-fix-fast_iov-assignment-in-io_setup_async_msg.patch
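Review bot: `fast_idx` in the new `if (!kmsg->free_iov)` branch of the embedded patch comes straight from a pointer subtraction and is then used to index `async_msg->fast_iov` with no range check. That is only sound while `kmsg->msg.msg_iter.iov` points into (or one past the end of) `kmsg->fast_iov`, an invariant the hunk relies on but does not show. If it were ever broken, the iterator would be left pointing outside the copied array. Assuming `fast_iov` is the inline array in the struct, a cheap guard such as `WARN_ON_ONCE(fast_idx > ARRAY_SIZE(kmsg->fast_iov));` before the assignment would turn silent memory corruption into a diagnosable warning. The retained comment could also say why the offset is preserved, e.g. `/* keep the iter's position inside fast_iov; it may have advanced on a partial retry */`; io_setup_async_msg() starts outside the hunk, so how `kmsg` is populated cannot be checked from here.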