From: Dominique Martinet <dominique.marti...@atmark-techno.com> sqeq.off here is the offset to read within the disk image, so obviously not 'nread' (the amount we just read), but as the author meant to write its current value incremented by the amount we just read.
Normally recent versions of linux will not issue short reads, but it can happen so we should fix this. This lead to weird image corruptions when short read happened Fixes: 6663a0a33764 ("block/io_uring: implements interfaces for io_uring") Link: https://lkml.kernel.org/r/yrrfgo4a1js0g...@atmark-techno.com Signed-off-by: Dominique Martinet <dominique.marti...@atmark-techno.com> Message-Id: <20220630010137.2518851-1-dominique.marti...@atmark-techno.com> Reviewed-by: Hanna Reitz <hre...@redhat.com> Reviewed-by: Stefano Garzarella <sgarz...@redhat.com> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> --- block/io_uring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/block/io_uring.c b/block/io_uring.c index d48e472e74..b238661740 100644 --- a/block/io_uring.c +++ b/block/io_uring.c @@ -89,7 +89,7 @@ static void luring_resubmit_short_read(LuringState *s, LuringAIOCB *luringcb, trace_luring_resubmit_short_read(s, luringcb, nread); /* Update read position */ - luringcb->total_read = nread; + luringcb->total_read += nread; remaining = luringcb->qiov->size - luringcb->total_read; /* Shorten qiov */ @@ -103,7 +103,7 @@ static void luring_resubmit_short_read(LuringState *s, LuringAIOCB *luringcb, remaining); /* Update sqe */ - luringcb->sqeq.off = nread; + luringcb->sqeq.off += nread; luringcb->sqeq.addr = (__u64)(uintptr_t)luringcb->resubmit_qiov.iov; luringcb->sqeq.len = luringcb->resubmit_qiov.niov; -- 2.36.1