-
Notifications
You must be signed in to change notification settings - Fork 13.2k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
don't splice from files into pipes in io::copy #108283
Conversation
r? @m-ou-se (rustbot has picked a reviewer for you, use r? to override) |
Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
|
Reading through that thread it makes sense but.. that seems unfortunate? This could be a soundness issue, right? Does this need a test? |
I don't think rust code can see bytes in memory change under its nose, so there's no soundness issue with non-deterministic bytes. Thinking about it, this shouldn't affect sockets because their buffers can't be modified, so splicing from a socket to a pipe could still be ok. The linked mail also describes this as case 1. And yeah, I'll add a test, it's subtle enough. @rustbot author |
Oh bloody, sendfile has the same issue:
Removing that optimization for the File -> Socket case removes the main benefit of sendfile that people have asked for. 🙁 |
b4fa02c
to
171ccb5
Compare
@rustbot ready added a test and checked that it fails without the fix. |
Thank you for investigating this. @bors r+ |
⌛ Testing commit 171ccb5 with merge 4f418e71c2c591d3f3b2811ddf62cebac5a3b7ba... |
💔 Test failed - checks-actions |
Hm, @bors retry |
☀️ Test successful - checks-actions |
Finished benchmarking commit (a29dada): comparison URL. Overall result: ❌ regressions - no action needed@rustbot label: -perf-regression Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
|
The job Click to see the possible cause of the failure (guessed by this bot)
|
Pkgsrc changes: * Adjust patches and cargo checksums to new versions. * Adjust to not cross-build to 8.0, due to LLVM using c++17, so adjust USE_LANGUAGES. Upstream changes: Version 1.70.0 (2023-06-01) ========================== Language -------- - [Relax ordering rules for `asm!` operands] (rust-lang/rust#105798) - [Properly allow macro expanded `format_args` invocations to uses captures] (rust-lang/rust#106505) - [Lint ambiguous glob re-exports] (rust-lang/rust#107880) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) Compiler -------- - [Extend -Cdebuginfo with new options and named aliases] (rust-lang/rust#109808) This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - [Make `unused_allocation` lint against `Box::new` too] (rust-lang/rust#104363) - [Detect uninhabited types early in const eval] (rust-lang/rust#109435) - [Switch to LLD as default linker for {arm,thumb}v4t-none-eabi] (rust-lang/rust#109721) - [Add tier 3 target `loongarch64-unknown-linux-gnu`] (rust-lang/rust#96971) - [Add tier 3 target for `i586-pc-nto-qnx700` (QNX Neutrino RTOS, version 7.0)] (rust-lang/rust#109173), - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [Document NonZeroXxx layout guarantees] (rust-lang/rust#94786) - [Windows: make `Command` prefer non-verbatim paths] (rust-lang/rust#96391) - [Implement Default for some alloc/core iterators] (rust-lang/rust#99929) - [Fix handling of trailing bare CR in str::lines] (rust-lang/rust#100311) - [allow negative numeric literals in `concat!`] (rust-lang/rust#106844) - [Add documentation about the memory layout of `Cell`] (rust-lang/rust#106921) - [Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt`] (rust-lang/rust#108157) - [Stabilize `atomic_as_ptr`] (rust-lang/rust#108419) - [Stabilize `nonnull_slice_from_raw_parts`] (rust-lang/rust#97506) - [Partial stabilization of `once_cell`] (rust-lang/rust#105587) - [Stabilize `nonzero_min_max`] (rust-lang/rust#106633) - [Flatten/inline format_args!() and (string and int) literal arguments into format_args!()] (rust-lang/rust#106824) - [Stabilize movbe target feature] (rust-lang/rust#107711) - [don't splice from files into pipes in io::copy] (rust-lang/rust#108283) - [Add a builtin unstable `FnPtr` trait that is implemented for all function pointers] (rust-lang/rust#108080) This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - [`NonZero*::MIN/MAX`] (https://doc.rust-lang.org/stable/std/num/struct.NonZeroI8.html#associatedconstant.MIN) - [`BinaryHeap::retain`] (https://doc.rust-lang.org/stable/std/collections/struct.BinaryHeap.html#method.retain) - [`Default for std::collections::binary_heap::IntoIter`] (https://doc.rust-lang.org/stable/std/collections/binary_heap/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoKeys, Keys}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::{IntoValues, Values}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.Range.html) - [`Default for std::collections::btree_set::{IntoIter, Iter}`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.IntoIter.html) - [`Default for std::collections::btree_set::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.Range.html) - [`Default for std::collections::linked_list::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/alloc/collections/linked_list/struct.IntoIter.html) - [`Default for std::vec::IntoIter`] (https://doc.rust-lang.org/stable/alloc/vec/struct.IntoIter.html#impl-Default-for-IntoIter%3CT,+A%3E) - [`Default for std::iter::Chain`] (https://doc.rust-lang.org/stable/std/iter/struct.Chain.html) - [`Default for std::iter::Cloned`] (https://doc.rust-lang.org/stable/std/iter/struct.Cloned.html) - [`Default for std::iter::Copied`] (https://doc.rust-lang.org/stable/std/iter/struct.Copied.html) - [`Default for std::iter::Enumerate`] (https://doc.rust-lang.org/stable/std/iter/struct.Enumerate.html) - [`Default for std::iter::Flatten`] (https://doc.rust-lang.org/stable/std/iter/struct.Flatten.html) - [`Default for std::iter::Fuse`] (https://doc.rust-lang.org/stable/std/iter/struct.Fuse.html) - [`Default for std::iter::Rev`] (https://doc.rust-lang.org/stable/std/iter/struct.Rev.html) - [`Default for std::slice::Iter`] (https://doc.rust-lang.org/stable/std/slice/struct.Iter.html) - [`Default for std::slice::IterMut`] (https://doc.rust-lang.org/stable/std/slice/struct.IterMut.html) - [`Rc::into_inner`] (https://doc.rust-lang.org/stable/alloc/rc/struct.Rc.html#method.into_inner) - [`Arc::into_inner`] (https://doc.rust-lang.org/stable/alloc/sync/struct.Arc.html#method.into_inner) - [`std::cell::OnceCell`] (https://doc.rust-lang.org/stable/std/cell/struct.OnceCell.html) - [`Option::is_some_and`] (https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.is_some_and) - [`NonNull::slice_from_raw_parts`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.slice_from_raw_parts) - [`Result::is_ok_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_ok_and) - [`Result::is_err_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_err_and) - [`std::sync::atomic::Atomic*::as_ptr`] (https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicU8.html#method.as_ptr) - [`std::io::IsTerminal`] (https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - [`std::os::linux::net::SocketAddrExt`] (https://doc.rust-lang.org/stable/std/os/linux/net/trait.SocketAddrExt.html) - [`std::os::unix::net::UnixDatagram::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.bind_addr) - [`std::os::unix::net::UnixDatagram::connect_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.connect_addr) - [`std::os::unix::net::UnixDatagram::send_to_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.send_to_addr) - [`std::os::unix::net::UnixListener::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixListener.html#method.bind_addr) - [`std::path::Path::as_mut_os_str`] (https://doc.rust-lang.org/stable/std/path/struct.Path.html#method.as_mut_os_str) - [`std::sync::OnceLock`] (https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html) Cargo ----- - [Add `CARGO_PKG_README`] (rust-lang/cargo#11645) - [Make `sparse` the default protocol for crates.io] (rust-lang/cargo#11791) - [Accurately show status when downgrading dependencies] (rust-lang/cargo#11839) - [Use registry.default for login/logout] (rust-lang/cargo#11949) - [Stabilize `cargo logout`] (rust-lang/cargo#11950) Misc ---- - [Stabilize rustdoc `--test-run-directory`] (rust-lang/rust#103682) Compatibility Notes ------------------- - [Prevent stable `libtest` from supporting `-Zunstable-options`] (rust-lang/rust#109044) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) - [WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen] (rust-lang/rust#109807) This may cause incompatibility with older execution environments. - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - [Upgrade to LLVM 16] (rust-lang/rust#109474) - [Use SipHash-1-3 instead of SipHash-2-4 for StableHasher] (rust-lang/rust#107925)
Pkgsrc changes: * Adjust patches and cargo checksums to new versions. * Add support for NetBSD/riscv64. Upstream changes: Version 1.70.0 (2023-06-01) ========================== Language -------- - [Relax ordering rules for `asm!` operands] (rust-lang/rust#105798) - [Properly allow macro expanded `format_args` invocations to uses captures] (rust-lang/rust#106505) - [Lint ambiguous glob re-exports] (rust-lang/rust#107880) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) Compiler -------- - [Extend -Cdebuginfo with new options and named aliases] (rust-lang/rust#109808) This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - [Make `unused_allocation` lint against `Box::new` too] (rust-lang/rust#104363) - [Detect uninhabited types early in const eval] (rust-lang/rust#109435) - [Switch to LLD as default linker for {arm,thumb}v4t-none-eabi] (rust-lang/rust#109721) - [Add tier 3 target `loongarch64-unknown-linux-gnu`] (rust-lang/rust#96971) - [Add tier 3 target for `i586-pc-nto-qnx700`(QNX Neutrino RTOS, version 7.0)] (rust-lang/rust#109173), - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [Document NonZeroXxx layout guarantees] (rust-lang/rust#94786) - [Windows: make `Command` prefer non-verbatim paths] (rust-lang/rust#96391) - [Implement Default for some alloc/core iterators] (rust-lang/rust#99929) - [Fix handling of trailing bare CR in str::lines] (rust-lang/rust#100311) - [allow negative numeric literals in `concat!`] (rust-lang/rust#106844) - [Add documentation about the memory layout of `Cell`] (rust-lang/rust#106921) - [Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt`] (rust-lang/rust#108157) - [Stabilize `atomic_as_ptr`] (rust-lang/rust#108419) - [Stabilize `nonnull_slice_from_raw_parts`] (rust-lang/rust#97506) - [Partial stabilization of `once_cell`] (rust-lang/rust#105587) - [Stabilize `nonzero_min_max`] (rust-lang/rust#106633) - [Flatten/inline format_args!() and (string and int) literal arguments into format_args!()] (rust-lang/rust#106824) - [Stabilize movbe target feature] (rust-lang/rust#107711) - [don't splice from files into pipes in io::copy] (rust-lang/rust#108283) - [Add a builtin unstable `FnPtr` trait that is implemented for all function pointers] (rust-lang/rust#108080) This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - [`NonZero*::MIN/MAX`] (https://doc.rust-lang.org/stable/std/num/struct.NonZeroI8.html#associatedconstant.MIN) - [`BinaryHeap::retain`] (https://doc.rust-lang.org/stable/std/collections/struct.BinaryHeap.html#method.retain) - [`Default for std::collections::binary_heap::IntoIter`] (https://doc.rust-lang.org/stable/std/collections/binary_heap/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoIter.html) - [`Default for std::collections::btree_map::{IntoKeys, Keys}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::{IntoValues, Values}`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.IntoKeys.html) - [`Default for std::collections::btree_map::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_map/struct.Range.html) - [`Default for std::collections::btree_set::{IntoIter, Iter}`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.IntoIter.html) - [`Default for std::collections::btree_set::Range`] (https://doc.rust-lang.org/stable/std/collections/btree_set/struct.Range.html) - [`Default for std::collections::linked_list::{IntoIter, Iter, IterMut}`] (https://doc.rust-lang.org/stable/alloc/collections/linked_list/struct.IntoIter.html) - [`Default for std::vec::IntoIter`] (https://doc.rust-lang.org/stable/alloc/vec/struct.IntoIter.html#impl-Default-for-IntoIter%3CT,+A%3E) - [`Default for std::iter::Chain`] (https://doc.rust-lang.org/stable/std/iter/struct.Chain.html) - [`Default for std::iter::Cloned`] (https://doc.rust-lang.org/stable/std/iter/struct.Cloned.html) - [`Default for std::iter::Copied`] (https://doc.rust-lang.org/stable/std/iter/struct.Copied.html) - [`Default for std::iter::Enumerate`] (https://doc.rust-lang.org/stable/std/iter/struct.Enumerate.html) - [`Default for std::iter::Flatten`] (https://doc.rust-lang.org/stable/std/iter/struct.Flatten.html) - [`Default for std::iter::Fuse`] (https://doc.rust-lang.org/stable/std/iter/struct.Fuse.html) - [`Default for std::iter::Rev`] (https://doc.rust-lang.org/stable/std/iter/struct.Rev.html) - [`Default for std::slice::Iter`] (https://doc.rust-lang.org/stable/std/slice/struct.Iter.html) - [`Default for std::slice::IterMut`] (https://doc.rust-lang.org/stable/std/slice/struct.IterMut.html) - [`Rc::into_inner`] (https://doc.rust-lang.org/stable/alloc/rc/struct.Rc.html#method.into_inner) - [`Arc::into_inner`] (https://doc.rust-lang.org/stable/alloc/sync/struct.Arc.html#method.into_inner) - [`std::cell::OnceCell`] (https://doc.rust-lang.org/stable/std/cell/struct.OnceCell.html) - [`Option::is_some_and`] (https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.is_some_and) - [`NonNull::slice_from_raw_parts`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.slice_from_raw_parts) - [`Result::is_ok_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_ok_and) - [`Result::is_err_and`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.is_err_and) - [`std::sync::atomic::Atomic*::as_ptr`] (https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicU8.html#method.as_ptr) - [`std::io::IsTerminal`] (https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - [`std::os::linux::net::SocketAddrExt`] (https://doc.rust-lang.org/stable/std/os/linux/net/trait.SocketAddrExt.html) - [`std::os::unix::net::UnixDatagram::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.bind_addr) - [`std::os::unix::net::UnixDatagram::connect_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.connect_addr) - [`std::os::unix::net::UnixDatagram::send_to_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixDatagram.html#method.send_to_addr) - [`std::os::unix::net::UnixListener::bind_addr`] (https://doc.rust-lang.org/stable/std/os/unix/net/struct.UnixListener.html#method.bind_addr) - [`std::path::Path::as_mut_os_str`] (https://doc.rust-lang.org/stable/std/path/struct.Path.html#method.as_mut_os_str) - [`std::sync::OnceLock`] (https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html) Cargo ----- - [Add `CARGO_PKG_README`] (rust-lang/cargo#11645) - [Make `sparse` the default protocol for crates.io] (rust-lang/cargo#11791) - [Accurately show status when downgrading dependencies] (rust-lang/cargo#11839) - [Use registry.default for login/logout] (rust-lang/cargo#11949) - [Stabilize `cargo logout`] (rust-lang/cargo#11950) Misc ---- - [Stabilize rustdoc `--test-run-directory`] (rust-lang/rust#103682) Compatibility Notes ------------------- - [Prevent stable `libtest` from supporting `-Zunstable-options`] (rust-lang/rust#109044) - [Perform const and unsafe checking for expressions in `let _ = expr` position.] (rust-lang/rust#102256) - [WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen] (rust-lang/rust#109807) This may cause incompatibility with older execution environments. - [Insert alignment checks for pointer dereferences as debug assertions] (rust-lang/rust#98112) This catches undefined behavior at runtime, and may cause existing code to fail. Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - [Upgrade to LLVM 16] (rust-lang/rust#109474) - [Use SipHash-1-3 instead of SipHash-2-4 for StableHasher] (rust-lang/rust#107925)
For optimization reverted here, I think we could add it back with an intermediate pipe? I.e. first The intermediate pipe can be cached and reused, given that we can make sure there's no panicking within |
If that works at all it'd still negate some of the advantages of splice. More syscalls, more copying. It still might provide some more throughput because pipes would be a larger buffer than our 8k on-stack buffer. Maybe worth a try. In theory using sendfile/splice from read-only files might be ok, but then the question is in which state the file or file descriptor must be so that we could consider it sufficiently read-only. |
Thanks, I'd try opening a PR for this.
Unless it's I thought about if CoW filesystem is immune to this, but then I think that's impossible because the mmap abstraction provides by the kernel guarantees it will see updates. That reminds me, that on CoW fs,
I think the best fix would be for the Linux kernel to fix this, if they would provide a flag to opt-in to CoW behavior. It'd also be great if |
@the8472 I think sealed files can be used here, if the file has flag |
So to sum up, I think we can add back optimization via:
Otherwise, we'd fallback to:
Also, if the file is a named fifo, then just a splice without F_MOVE would work fine. |
This fixes potential data ordering issue where a write performed after a copy operation could become visible in the copy even though it signaled completion.
I assumed that by not setting
SPLICE_F_MOVE
we would be safe and the kernel would do a copy in kernel space and we could avoid the read-write syscall and copy-to/from-userspace costs. But apparently that flag only makes a difference when splicing from a pipe, but not when splicing into it.Context: https://lkml.org/lkml/2023/2/9/673