BUG: preadv2(.., RWF_NOWAIT) returns spurious EOF

From: Will Manley
Date: Mon May 24 2021 - 06:44:08 EST

Hi All

We've seen preadv2(..., -1, RWF_NOWAIT) return 0 when at offset 4096 in a file much larger than 4096B. This breaks code that reads an entire file because the 0 return makes it believe that it's already read the whole file. We came across this when investigating a bug reported against the Rust async I/O library tokio. The latest release now takes advantage of RWF_NOWAIT for file I/O, but it's caused problems for users.


The issue is readily reproducible. We've tested on armv7, i686 and x86_64 with the ext4 filesystem. Here's the strace output:

preadv2(9, [{iov_base=..., iov_len=32}], 1, -1, RWF_NOWAIT) = 32
preadv2(9, [{iov_base=..., iov_len=32}], 1, -1, RWF_NOWAIT) = 32
preadv2(9, [{iov_base=..., iov_len=64}], 1, -1, RWF_NOWAIT) = 64
preadv2(9, [{iov_base=..., iov_len=128}], 1, -1, RWF_NOWAIT) = 128
preadv2(9, [{iov_base=..., iov_len=256}], 1, -1, RWF_NOWAIT) = 256
preadv2(9, [{iov_base=..., iov_len=512}], 1, -1, RWF_NOWAIT) = 512
preadv2(9, [{iov_base=..., iov_len=1024}], 1, -1, RWF_NOWAIT) = 1024
preadv2(9, [{iov_base=..., iov_len=2048}], 1, -1, RWF_NOWAIT) = 2048
preadv2(9, [{iov_base="", iov_len=4096}], 1, -1, RWF_NOWAIT) = 0

I'm not certain that it's caused by the offset being 4096. Maybe it's that the data will be written into an uncommitted page causes the bug? I'm not certain.

The bug is present in Linux 5.9 and 5.10, but was fixed in Linux 5.11. I've run a bisect and it was introduced in

efa8480a831 fs: RWF_NOWAIT should imply IOCB_NOIO

and fixed in

06c0444290 mm/filemap.c: generic_file_buffered_read() now uses find_get_pages_contig

This is already fixed but I thought it would be important to report it as the fix seems to be incidental. The fix commit message doesn't mention anything about bugs so I wonder if the underlying issue still exists.

Our current plan is to add a uname check and to disable using the RWF_NOWAIT optimisation on 5.9 and 5.10. Given that we don't understand the bug I thought it would be best to check with you. Maybe there's a better way of detecting the presence of this bug?

There's more information at https://github.com/tokio-rs/tokio/issues/3803