-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
don't splice from files into pipes in io::copy #108283
Conversation
r? @m-ou-se (rustbot has picked a reviewer for you, use r? to override) |
Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
|
Reading through that thread it makes sense but.. that seems unfortunate? This could be a soundness issue, right? Does this need a test? |
I don't think rust code can see bytes in memory change under its nose, so there's no soundness issue with non-deterministic bytes. Thinking about it, this shouldn't affect sockets because their buffers can't be modified, so splicing from a socket to a pipe could still be ok. The linked mail also describes this as case 1. And yeah, I'll add a test, it's subtle enough. @rustbot author |
Oh bloody, sendfile has the same issue:
Removing that optimization for the File -> Socket case removes the main benefit of sendfile that people have asked for. 🙁 |
b4fa02c
to
171ccb5
Compare
@rustbot ready added a test and checked that it fails without the fix. |
Thank you for investigating this. @bors r+ |
⌛ Testing commit 171ccb5 with merge 4f418e71c2c591d3f3b2811ddf62cebac5a3b7ba... |
💔 Test failed - checks-actions |
Hm, @bors retry |
☀️ Test successful - checks-actions |
Finished benchmarking commit (a29dada): comparison URL. Overall result: ❌ regressions - no action needed@rustbot label: -perf-regression Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
|
The job Click to see the possible cause of the failure (guessed by this bot)
|
Pkgsrc changes: * Adjust patches and cargo checksums to new versions. * Adjust to not cross-build to 8.0, due to LLVM using c++17, so adjust USE_LANGUAGES. Upstream changes: Version 1.70.0 (2023-06-01) ========================== Language -------- - [Relax ordering rules for `asm!` operands] (rust-lang/rust#105798) - [Properly allow macro expanded `format_args` invocations to uses captures] (rust-lang/rust#106505) - [Lint ambiguous glob re-exports] (rust-lang/rust#107880) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) Compiler -------- - [Extend -Cdebuginfo with new options and named aliases] (rust-lang/rust#109808) This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - [Make `unused_allocation` lint against `Box::new` too] (rust-lang/rust#104363) - [Detect uninhabited types early in const eval] (rust-lang/rust#109435) - [Switch to LLD as default linker for {arm,thumb}v4t-none-eabi] (rust-lang/rust#109721) - [Add tier 3 target `loongarch64-unknown-linux-gnu`] (rust-lang/rust#96971) - [Add tier 3 target for `i586-pc-nto-qnx700` (QNX Neutrino RTOS, version 7.0)] (rust-lang/rust#109173), - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [Document NonZeroXxx layout guarantees] (rust-lang/rust#94786) - [Windows: make `Command` prefer non-verbatim paths] (rust-lang/rust#96391) - [Implement Default for some alloc/core iterators] (rust-lang/rust#99929) - [Fix handling of trailing bare CR in str::lines] (rust-lang/rust#100311) - [allow negative numeric literals in `concat!`] (rust-lang/rust#106844) - [Add documentation about the memory layout of `Cell`] (rust-lang/rust#106921) - [Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt`] (rust-lang/rust#108157) - [Stabilize `atomic_as_ptr`] (rust-lang/rust#108419) - [Stabilize `nonnull_slice_from_raw_parts`] (rust-lang/rust#97506) - [Partial stabilization of `once_cell`] (rust-lang/rust#105587) - [Stabilize `nonzero_min_max`] (rust-lang/rust#106633) - [Flatten/inline format_args!() and (string and int) literal arguments into format_args!()] (rust-lang/rust#106824) - [Stabilize movbe target feature] (rust-lang/rust#107711) - [don't splice from files into pipes in io::copy] (rust-lang/rust#108283) - [Add a builtin unstable `FnPtr` trait that is implemented for all function pointers] (rust-lang/rust#108080) This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - [`NonZero*::MIN/MAX`] (https://doc.rust-lang.org/stable/std/num/struct.NonZeroI8.html#associatedconstant.MIN) - [`BinaryHeap::retain`] (https://doc.rust-lang.org/stable/std/collections/struct.BinaryHeap.html#method.retain) - [`Default for std::collections::binary_heap::IntoIter`] (https://doc.rust-lang.org/stable/std/collections/binary_heap/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoKeys, Keys}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::{IntoValues, Values}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.Range.html) - [`Default for std::collections::btree_set::{IntoIter, Iter}`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.IntoIter.html) - [`Default for std::collections::btree_set::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.Range.html) - [`Default for std::collections::linked_list::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/alloc/collections/linked_list/struct.IntoIter.html) - [`Default for std::vec::IntoIter`] (https://doc.rust-lang.org/stable/alloc/vec/struct.IntoIter.html#impl-Default-for-IntoIter%3CT,+A%3E) - [`Default for std::iter::Chain`] (https://doc.rust-lang.org/stable/std/iter/struct.Chain.html) - [`Default for std::iter::Cloned`] (https://doc.rust-lang.org/stable/std/iter/struct.Cloned.html) - [`Default for std::iter::Copied`] (https://doc.rust-lang.org/stable/std/iter/struct.Copied.html) - [`Default for std::iter::Enumerate`] (https://doc.rust-lang.org/stable/std/iter/struct.Enumerate.html) - [`Default for std::iter::Flatten`] (https://doc.rust-lang.org/stable/std/iter/struct.Flatten.html) - [`Default for std::iter::Fuse`] (https://doc.rust-lang.org/stable/std/iter/struct.Fuse.html) - [`Default for std::iter::Rev`] (https://doc.rust-lang.org/stable/std/iter/struct.Rev.html) - [`Default for std::slice::Iter`] (https://doc.rust-lang.org/stable/std/slice/struct.Iter.html) - [`Default for std::slice::IterMut`] (https://doc.rust-lang.org/stable/std/slice/struct.IterMut.html) - [`Rc::into_inner`] (https://doc.rust-lang.org/stable/alloc/rc/struct.Rc.html#method.into_inner) - [`Arc::into_inner`] (https://doc.rust-lang.org/stable/alloc/sync/struct.Arc.html#method.into_inner) - [`std::cell::OnceCell`] (https://doc.rust-lang.org/stable/std/cell/struct.OnceCell.html) - [`Option::is_some_and`] (https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.is_some_and) - [`NonNull::slice_from_raw_parts`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.slice_from_raw_parts) - [`Result::is_ok_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_ok_and) - [`Result::is_err_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_err_and) - [`std::sync::atomic::Atomic*::as_ptr`] (https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicU8.html#method.as_ptr) - [`std::io::IsTerminal`] (https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - [`std::os::linux::net::SocketAddrExt`] (https://doc.rust-lang.org/stable/std/os/linux/net/trait.SocketAddrExt.html) - [`std::os::unix::net::UnixDatagram::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.bind_addr) - [`std::os::unix::net::UnixDatagram::connect_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.connect_addr) - [`std::os::unix::net::UnixDatagram::send_to_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.send_to_addr) - [`std::os::unix::net::UnixListener::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixListener.html#method.bind_addr) - [`std::path::Path::as_mut_os_str`] (https://doc.rust-lang.org/stable/std/path/struct.Path.html#method.as_mut_os_str) - [`std::sync::OnceLock`] (https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html) Cargo ----- - [Add `CARGO_PKG_README`] (rust-lang/cargo#11645) - [Make `sparse` the default protocol for crates.io] (rust-lang/cargo#11791) - [Accurately show status when downgrading dependencies] (rust-lang/cargo#11839) - [Use registry.default for login/logout] (rust-lang/cargo#11949) - [Stabilize `cargo logout`] (rust-lang/cargo#11950) Misc ---- - [Stabilize rustdoc `--test-run-directory`] (rust-lang/rust#103682) Compatibility Notes ------------------- - [Prevent stable `libtest` from supporting `-Zunstable-options`] (rust-lang/rust#109044) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) - [WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen] (rust-lang/rust#109807) This may cause incompatibility with older execution environments. - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - [Upgrade to LLVM 16] (rust-lang/rust#109474) - [Use SipHash-1-3 instead of SipHash-2-4 for StableHasher] (rust-lang/rust#107925)
Pkgsrc changes: * Adjust patches and cargo checksums to new versions. * Add support for NetBSD/riscv64. Upstream changes: Version 1.70.0 (2023-06-01) ========================== Language -------- - [Relax ordering rules for `asm!` operands] (rust-lang/rust#105798) - [Properly allow macro expanded `format_args` invocations to uses captures] (rust-lang/rust#106505) - [Lint ambiguous glob re-exports] (rust-lang/rust#107880) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) Compiler -------- - [Extend -Cdebuginfo with new options and named aliases] (rust-lang/rust#109808) This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - [Make `unused_allocation` lint against `Box::new` too] (rust-lang/rust#104363) - [Detect uninhabited types early in const eval] (rust-lang/rust#109435) - [Switch to LLD as default linker for {arm,thumb}v4t-none-eabi] (rust-lang/rust#109721) - [Add tier 3 target `loongarch64-unknown-linux-gnu`] (rust-lang/rust#96971) - [Add tier 3 target for `i586-pc-nto-qnx700`(QNX Neutrino RTOS, version 7.0)] (rust-lang/rust#109173), - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [Document NonZeroXxx layout guarantees] (rust-lang/rust#94786) - [Windows: make `Command` prefer non-verbatim paths] (rust-lang/rust#96391) - [Implement Default for some alloc/core iterators] (rust-lang/rust#99929) - [Fix handling of trailing bare CR in str::lines] (rust-lang/rust#100311) - [allow negative numeric literals in `concat!`] (rust-lang/rust#106844) - [Add documentation about the memory layout of `Cell`] (rust-lang/rust#106921) - [Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt`] (rust-lang/rust#108157) - [Stabilize `atomic_as_ptr`] (rust-lang/rust#108419) - [Stabilize `nonnull_slice_from_raw_parts`] (rust-lang/rust#97506) - [Partial stabilization of `once_cell`] (rust-lang/rust#105587) - [Stabilize `nonzero_min_max`] (rust-lang/rust#106633) - [Flatten/inline format_args!() and (string and int) literal arguments into format_args!()] (rust-lang/rust#106824) - [Stabilize movbe target feature] (rust-lang/rust#107711) - [don't splice from files into pipes in io::copy] (rust-lang/rust#108283) - [Add a builtin unstable `FnPtr` trait that is implemented for all function pointers] (rust-lang/rust#108080) This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - [`NonZero*::MIN/MAX`] (https://doc.rust-lang.org/stable/std/num/struct.NonZeroI8.html#associatedconstant.MIN) - [`BinaryHeap::retain`] (https://doc.rust-lang.org/stable/std/collections/struct.BinaryHeap.html#method.retain) - [`Default for std::collections::binary_heap::IntoIter`] (https://doc.rust-lang.org/stable/std/collections/binary_heap/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoKeys, Keys}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::{IntoValues, Values}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.Range.html) - [`Default for std::collections::btree_set::{IntoIter, Iter}`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.IntoIter.html) - [`Default for std::collections::btree_set::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.Range.html) - [`Default for std::collections::linked_list::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/alloc/collections/linked_list/struct.IntoIter.html) - [`Default for std::vec::IntoIter`] (https://doc.rust-lang.org/stable/alloc/vec/struct.IntoIter.html#impl-Default-for-IntoIter%3CT,+A%3E) - [`Default for std::iter::Chain`] (https://doc.rust-lang.org/stable/std/iter/struct.Chain.html) - [`Default for std::iter::Cloned`] (https://doc.rust-lang.org/stable/std/iter/struct.Cloned.html) - [`Default for std::iter::Copied`] (https://doc.rust-lang.org/stable/std/iter/struct.Copied.html) - [`Default for std::iter::Enumerate`] (https://doc.rust-lang.org/stable/std/iter/struct.Enumerate.html) - [`Default for std::iter::Flatten`] (https://doc.rust-lang.org/stable/std/iter/struct.Flatten.html) - [`Default for std::iter::Fuse`] (https://doc.rust-lang.org/stable/std/iter/struct.Fuse.html) - [`Default for std::iter::Rev`] (https://doc.rust-lang.org/stable/std/iter/struct.Rev.html) - [`Default for std::slice::Iter`] (https://doc.rust-lang.org/stable/std/slice/struct.Iter.html) - [`Default for std::slice::IterMut`] (https://doc.rust-lang.org/stable/std/slice/struct.IterMut.html) - [`Rc::into_inner`] (https://doc.rust-lang.org/stable/alloc/rc/struct.Rc.html#method.into_inner) - [`Arc::into_inner`] (https://doc.rust-lang.org/stable/alloc/sync/struct.Arc.html#method.into_inner) - [`std::cell::OnceCell`] (https://doc.rust-lang.org/stable/std/cell/struct.OnceCell.html) - [`Option::is_some_and`] (https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.is_some_and) - [`NonNull::slice_from_raw_parts`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.slice_from_raw_parts) - [`Result::is_ok_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_ok_and) - [`Result::is_err_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_err_and) - [`std::sync::atomic::Atomic*::as_ptr`] (https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicU8.html#method.as_ptr) - [`std::io::IsTerminal`] (https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - [`std::os::linux::net::SocketAddrExt`] (https://doc.rust-lang.org/stable/std/os/linux/net/trait.SocketAddrExt.html) - [`std::os::unix::net::UnixDatagram::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.bind_addr) - [`std::os::unix::net::UnixDatagram::connect_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.connect_addr) - [`std::os::unix::net::UnixDatagram::send_to_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.send_to_addr) - [`std::os::unix::net::UnixListener::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixListener.html#method.bind_addr) - [`std::path::Path::as_mut_os_str`] (https://doc.rust-lang.org/stable/std/path/struct.Path.html#method.as_mut_os_str) - [`std::sync::OnceLock`] (https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html) Cargo ----- - [Add `CARGO_PKG_README`] (rust-lang/cargo#11645) - [Make `sparse` the default protocol for crates.io] (rust-lang/cargo#11791) - [Accurately show status when downgrading dependencies] (rust-lang/cargo#11839) - [Use registry.default for login/logout] (rust-lang/cargo#11949) - [Stabilize `cargo logout`] (rust-lang/cargo#11950) Misc ---- - [Stabilize rustdoc `--test-run-directory`] (rust-lang/rust#103682) Compatibility Notes ------------------- - [Prevent stable `libtest` from supporting `-Zunstable-options`] (rust-lang/rust#109044) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) - [WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen] (rust-lang/rust#109807) This may cause incompatibility with older execution environments. - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - [Upgrade to LLVM 16] (rust-lang/rust#109474) - [Use SipHash-1-3 instead of SipHash-2-4 for StableHasher] (rust-lang/rust#107925)
For optimization reverted here, I think we could add it back with an intermediate pipe? I.e. first The intermediate pipe can be cached and reused, given that we can make sure there's no panicking within |
If that works at all it'd still negate some of the advantages of splice. More syscalls, more copying. It still might provide some more throughput because pipes would be a larger buffer than our 8k on-stack buffer. Maybe worth a try. In theory using sendfile/splice from read-only files might be ok, but then the question is in which state the file or file descriptor must be so that we could consider it sufficiently read-only. |
Thanks, I'd try opening a PR for this.
Unless it's I thought about if CoW filesystem is immune to this, but then I think that's impossible because the mmap abstraction provides by the kernel guarantees it will see updates. That reminds me, that on CoW fs,
I think the best fix would be for the Linux kernel to fix this, if they would provide a flag to opt-in to CoW behavior. It'd also be great if |
@the8472 I think sealed files can be used here, if the file has flag |
So to sum up, I think we can add back optimization via:
Otherwise, we'd fallback to:
Also, if the file is a named fifo, then just a splice without F_MOVE would work fine. |
This fixes potential data ordering issue where a write performed after a copy operation could become visible in the copy even though it signaled completion.
I assumed that by not setting
SPLICE_F_MOVE
we would be safe and the kernel would do a copy in kernel space and we could avoid the read-write syscall and copy-to/from-userspace costs. But apparently that flag only makes a difference when splicing from a pipe, but not when splicing into it.Context: https://lkml.org/lkml/2023/2/9/673