From: Pavel Begunkov <asml.silence@gmail.com>
To: David Hildenbrand <david@redhat.com>, io-uring@vger.kernel.org
Subject: Re: [PATCH v1 2/3] io_uring/rsrc: don't rely on user vaddr alignment
Date: Tue, 24 Jun 2025 13:30:23 +0100
Message-ID: <3e57a86c-ff92-4ae9-a0b8-9205545248e2@gmail.com>
In-Reply-To: <5dcd8826-697b-46c8-a4e7-d1b9802092e8@gmail.com>

On 6/24/25 13:20, Pavel Begunkov wrote:
> On 6/24/25 12:53, David Hildenbrand wrote:
>> On 24.06.25 12:35, Pavel Begunkov wrote:
>>> There is no guaranteed alignment for user pointers, however the
>>> calculation of an offset of the first page into a folio after
>>> coalescing uses some weird bit mask logic, get rid of it.
>>>
>>> Cc: stable@vger.kernel.org
>>> Reported-by: David Hildenbrand <david@redhat.com>
>>> Fixes: a8edbb424b139 ("io_uring/rsrc: enable multi-hugepage buffer coalescing")
>>> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
>>> ---
>>> io_uring/rsrc.c | 8 +++++++-
>>> io_uring/rsrc.h | 1 +
>>> 2 files changed, 8 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c
>>> index e83a294c718b..5132f8df600f 100644
>>> --- a/io_uring/rsrc.c
>>> +++ b/io_uring/rsrc.c
>>> @@ -734,6 +734,8 @@ bool io_check_coalesce_buffer(struct page **page_array, int nr_pages,
>>> data->nr_pages_mid = folio_nr_pages(folio);
>>> data->folio_shift = folio_shift(folio);
>>> + data->first_page_offset = page_array[0] - compound_head(page_array[0]);
>>> + data->first_page_offset <<= PAGE_SHIFT;
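Review bot: On the added line that sets data->first_page_offset from page_array[0] - compound_head(page_array[0]), folio is already in scope (the context lines call folio_nr_pages(folio) and folio_shift(folio)), so the index could come from folio_page_idx(folio, page_array[0]), the same helper used by the folio_page_idx(folio, page_array[i]) != 0 check quoted later in this thread, instead of open-coded struct page pointer subtraction. The declaration of first_page_offset is in the rsrc.h part of the patch, which is not shown here, so confirm the field is wide enough for the page index shifted left by PAGE_SHIFT. A one-line comment saying the value is a byte offset of the first page into its folio would make the assign-then-shift pair easier to read.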
>>
>> Would that also cover when we have something like
>>
>> nr_pages = 4
>> pages[0] = folio_page(folio, 1);
>> pages[1] = folio_page(folio, 2);
>> pages[2] = folio_page(folio2, 1);
>> pages[3] = folio_page(folio2, 2);
>>
>> Note that we can create all kinds of crazy partially-mapped THP layouts using VMAs.
>
> It'll see that pages[2] is not the first page of folio2
> and return that it can't be coalesced
>
> 	if (/* ... */ || folio_page_idx(folio, page_array[i]) != 0)
> 		return false;

To elaborate, we're only coalescing if all but the first resulting
bvec segment starts from the beginning of its folio, and all but the
last bvec segment ends at the right border of the folio. IOW, all
middle bvecs should fully cover their folios, and the first and the
last bvecs should align by the right and left borders of their folios
correspondingly.
--
Pavel Begunkov
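
The coalescing rule described in the message above, modelled in user-space C as an added example; it is not code from the patch or from the kernel. The names model_page, model_can_coalesce and MODEL_PAGE_SHIFT are hypothetical, and the model assumes every folio has the same number of pages and 4 KiB base pages.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGE_SHIFT 12 /* assumption: 4 KiB base pages */

/* Model of a pinned page: the folio it belongs to and its index inside it. */
struct model_page { int folio; unsigned idx; };

/*
 * Returns true if pages[0..n) can be coalesced into one bvec per folio,
 * assuming every folio holds folio_pages pages. On success *first_off is
 * the byte offset of pages[0] inside its folio, taken from the page index
 * and not from any user virtual address.
 */
bool model_can_coalesce(const struct model_page *pages, size_t n,
                        unsigned folio_pages, size_t *first_off)
{
    if (n == 0 || pages[0].idx >= folio_pages)
        return false;
    for (size_t i = 1; i < n; i++) {
        const struct model_page *prev = &pages[i - 1], *cur = &pages[i];

        if (cur->idx >= folio_pages)
            return false;
        /* Inside one folio the pages must be consecutive. */
        if (cur->folio == prev->folio && cur->idx == prev->idx + 1)
            continue;
        /* Segment boundary: the previous segment must end at the right border. */
        if (prev->idx != folio_pages - 1)
            return false;
        /* The new segment must start at the first page of its folio. */
        if (cur->idx != 0)
            return false;
    }
    *first_off = (size_t)pages[0].idx << MODEL_PAGE_SHIFT;
    return true;
}

int main(void)
{
    /* Constructed input: the partially mapped layout asked about in the thread. */
    struct model_page pages[] = { {0, 1}, {0, 2}, {1, 1}, {1, 2} };
    size_t off = 0;

    printf("coalescible: %d\n", model_can_coalesce(pages, 4, 3, &off));
    return 0;
}
```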