Commit fcfd94d6 authored Apr 01, 2025 by David Wei Committed by Jens Axboe Apr 01, 2025

io_uring/zcrx: return early from io_zcrx_recv_skb if readlen is 0



When readlen is set for a recvzc request, tcp_read_sock() will call
io_zcrx_recv_skb() one final time with len == desc->count == 0. This is
caused by the !desc->count check happening too late. The offset + 1 !=
skb->len happens earlier and causes the while loop to continue.

Fix this in io_zcrx_recv_skb() instead of tcp_read_sock(). Return early
if len is 0 i.e. the read is done.

Fixes: 6699ec9a ("io_uring/zcrx: add a read limit to recvzc requests")
Signed-off-by: David Wei <dw@davidwei.uk>
Link: https://lore.kernel.org/r/20250401195355.1613813-1-dw@davidwei.uk


Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent 81ed1801

io_uring/zcrx.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -818,6 +818,14 @@ io_zcrx_recv_skb(read_descriptor_t desc, struct sk_buff skb,
		int ret = 0;

		len = min_t(size_t, len, desc->count);
		/*
		* __tcp_read_sock() always calls io_zcrx_recv_skb one last time, even
		* if desc->count is already 0. This is caused by the if (offset + 1 !=
		* skb->len) check. Return early in this case to break out of
		* __tcp_read_sock().
		*/
		if (!len)
		return 0;
		if (unlikely(args->nr_skbs++ > IO_SKBS_PER_CALL_LIMIT))
		return -EAGAIN;