Re: [PATCH] io_uring/register: preserve SQ array entries on resize
From: guzebing
Date: Tue Jun 16 2026 - 08:09:30 EST
Hi Jens,
A gentle ping on this patch.
Please allow me to add some details about the root cause and the
reproducer.
There appear to be two related parts to how the resize path migrates pending SQ entries in regular SQ-array mode.
1. It copies SQEs by walking the logical SQ head/tail range directly.
For a pending SQ entry in regular SQ-array mode, the resize path should
first resolve the old sq_array[] entry to find the source physical SQE
slot, and then copy that SQE into the new SQE array.
2. The old resize path switches ctx->sq_array to the SQ array in the
new ring, but it does not initialize the SQ array entries for the pending submissions.
And I reproduced this with a small test that:
1. creates a ring with IORING_SETUP_SINGLE_ISSUER | IORING_SETUP_DEFER_TASKRUN,
2. writes two NOP SQEs into physical slots 1 and 2,
3. queues two pending entries by setting sq_array[0] = 1 and
sq_array[1] = 2 and advancing the SQ tail,
4. resizes the ring,
5. calls io_uring_enter() to submit those pending SQ entries.
Without the fix, the subsequent submission path can consume the wrong SQE after resize and return a CQE with the wrong user_data. With the patch applied, pending SQ entries are migrated using the old SQ-array mapping, so they still refer to the intended SQEs after resize.
Could you please take a look when you have a chance? I would also
appreciate feedback if you think this is not the right direction, or if
there is a better way to preserve pending SQ-array entries during resize.
Thanks,
guzebing