When io_uring is used in the same task as CIFS, there might be
unnecessary reconnects, causing issues in user-space applications
like QEMU with a log like:

> CIFS: VFS: \\10.10.100.81 Error -512 sending data on socket to server

Certain io_uring completions might be added to task_work with
notify_method being TWA_SIGNAL and thus TIF_NOTIFY_SIGNAL is set for
the task.

In __smb_send_rqst(), signals are masked before calling
smb_send_kvec(), but the masking does not apply to TIF_NOTIFY_SIGNAL.

If sk_stream_wait_memory() is reached via sock_sendmsg() while
TIF_NOTIFY_SIGNAL is set, signal_pending(current) will evaluate to
true there, and -EINTR will be propagated all the way from
sk_stream_wait_memory() to sock_sendmsg() in smb_send_kvec().
Afterwards, __smb_send_rqst() will see that not everything was written
and reconnect.


A reproducer exposing the issue using QEMU:
#!/bin/bash
target=$1
dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=100
qemu-img create -f raw $target 100M
./qemu-system-x86_64 --qmp stdio \
--blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw,file.aio=io_uring \
--blockdev raw,node-name=node1,file.driver=file,file.filename=$target,file.aio=native,file.cache.direct=on \
<<EOF
{"execute": "qmp_capabilities"}
{"execute": "blockdev-mirror", "arguments": { "job-id": "mirror0", "device": "node0", "target": "node1", "sync": "full" } }
EOF

Another reproducer is having a QEMU virtual machine with one disk
using io_uring and one disk on CIFS and doing IO to both disks at the
same time.

I also got a reproducer based on liburing's examples/io_uring-cp.c
which I can send along if you are interested in it.


Fiona Ebner (2):
  smb: client: transport: avoid reconnects triggered by pending task
    work
  smb: client: transport: minor indentation style fix

 fs/smb/client/transport.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

-- 
2.47.2

Ping

Am 15.09.25 um 5:19 PM schrieb Fiona Ebner:
> When io_uring is used in the same task as CIFS, there might be
> unnecessary reconnects, causing issues in user-space applications
> like QEMU with a log like:
> 
>> CIFS: VFS: \\10.10.100.81 Error -512 sending data on socket to server
> 
> Certain io_uring completions might be added to task_work with
> notify_method being TWA_SIGNAL and thus TIF_NOTIFY_SIGNAL is set for
> the task.
> 
> In __smb_send_rqst(), signals are masked before calling
> smb_send_kvec(), but the masking does not apply to TIF_NOTIFY_SIGNAL.
> 
> If sk_stream_wait_memory() is reached via sock_sendmsg() while
> TIF_NOTIFY_SIGNAL is set, signal_pending(current) will evaluate to
> true there, and -EINTR will be propagated all the way from
> sk_stream_wait_memory() to sock_sendmsg() in smb_send_kvec().
> Afterwards, __smb_send_rqst() will see that not everything was written
> and reconnect.
> 
> 
> A reproducer exposing the issue using QEMU:
> #!/bin/bash
> target=$1
> dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=100
> qemu-img create -f raw $target 100M
> ./qemu-system-x86_64 --qmp stdio \
> --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw,file.aio=io_uring \
> --blockdev raw,node-name=node1,file.driver=file,file.filename=$target,file.aio=native,file.cache.direct=on \
> <<EOF
> {"execute": "qmp_capabilities"}
> {"execute": "blockdev-mirror", "arguments": { "job-id": "mirror0", "device": "node0", "target": "node1", "sync": "full" } }
> EOF
> 
> Another reproducer is having a QEMU virtual machine with one disk
> using io_uring and one disk on CIFS and doing IO to both disks at the
> same time.
> 
> I also got a reproducer based on liburing's examples/io_uring-cp.c
> which I can send along if you are interested in it.
> 
> 
> Fiona Ebner (2):
>   smb: client: transport: avoid reconnects triggered by pending task
>     work
>   smb: client: transport: minor indentation style fix
> 
>  fs/smb/client/transport.c | 13 ++++++++++---
>  1 file changed, 10 insertions(+), 3 deletions(-)
>