Review Request: Don't hang when determining MIME type of corrupted files
Miroslav Ľos
milamby at yahoo.com
Sun Sep 18 18:24:00 BST 2011
> On Aug. 21, 2011, 10:07 a.m., David Faure wrote:
> > Thanks Peter and Miroslav. The analysis looks correct, the pre-read part of the patch looks good. I'm just wondering about using Unbuffered. If someone installs a mimetype definition with multiple rules trying to match some bytes after the 2K limit, then all this seeking-and-reading back and forth will be very slow, in unbuffered mode (since neither cache will be used).
>
> Miroslav Ľos wrote:
> I find Unbuffered causing slowness improbable. From what I've seen in uses of KMimeType::findBy\w*Content in kdelibs, they all (e.g. ftp* and http kioslaves) rather provide their own buffer in a QByteArray rather than a QIODevice; most just provide the path (which is only opened using QFile if it is_local_file).
>
> All QFile's buffering is implemented in the QIODevice superclass, it adds Unbuffered in open() to its openMode for its fileEngine() backend. Thus, no buffering is propagated down. The unnecessary 16K read did hit several more EIO's on the broken CD I have, but it is just cosmetic I guess.
>
> Nonetheless, I find most uses of these functions ever will be through QFile or QBuffer and any client passing another QIODevice may open it itself. Maybe a note in the documentation could help them do it if necessary.
>
> Finally, I wonder if buffering makes a difference as we are only using a few small block reads, not many getChar()'s. Then again, the documentation to QTcpSocket says they cannot be opened (i.e. ignore I guess) Unbuffered, which is what any other QIODevices may do as well.
>
> * ftp passes a 1K-capped buffer (kioslave/ftp/ftp.cpp:2471). That may be insufficient for the single rule on my system that needed 1029 bytes.
>
> David Faure wrote:
> (Pasting here, after realizing you probably didn't see my reply on kde-core-devel)
>
> > I find Unbuffered causing slowness improbable. From what I've seen in uses
> > of KMimeType::findBy\w*Content in kdelibs, they all (e.g. ftp* and http
> > kioslaves) rather provide their own buffer in a QByteArray rather than a
> > QIODevice; most just provide the path (which is only opened using QFile if
> > it is_local_file).
>
> The most common case for mimetype determination is from the file manager
> listing local files, in which case findByUrl will use a QFile for content-
> determination.
>
> Ah, and BTW I have just found a magic rule that needs 4K of data:
> vmware-player.xml says:
> <match type="string" value='config.version = "' offset="0:4096"/>
>
> > All QFile's buffering is implemented in the QIODevice superclass, it adds
> > Unbuffered in open() to its openMode for its fileEngine() backend. Thus, no
> > buffering is propagated down.
>
> I'm not sure what you mean there.
>
> > The unnecessary 16K read did hit several more
> > EIO's on the broken CD I have, but it is just cosmetic I guess.
>
> Yes I'm not sure it's worth optimizing for this special case.
>
> > Nonetheless, I find most uses of these functions ever will be through QFile
> > or QBuffer
>
> Sure. It's QFile that I have in mind here, when I say that seeking back and
> forth will be slow, in unbuffered mode.
>
> > Finally, I wonder if buffering makes a difference as we are only using a few
> > small block reads, not many getChar()'s.
>
> It's about seeking and reading, vs just having the data in memory.
>
> > * ftp passes a 1K-capped buffer (kioslave/ftp/ftp.cpp:2471). That may be
> > insufficient for the single rule on my system that needed 1029 bytes.
>
> Right. Small bug, but a corner case (only matters if extension unknown).
>
>
> Christoph Feck wrote:
> Miroslav, can you clarify why Unbuffered is beneficial? I did not understand it from the ongoing discussion, and I have the feeling David did not either :)
Well, apparently I failed to actually publish my previous reply. My apologies. So here it is, with some additions:
>> All QFile's buffering is implemented in the QIODevice superclass, it adds
>> Unbuffered in open() to its openMode for its fileEngine() backend. Thus, no
>> buffering is propagated down.
>I'm not sure what you mean there.
I mean this excerpt from QFile::open in qt-everywhere-opensource-src-4.7.3/src/corelib/io/qfile.cpp:
995 // QIODevice provides the buffering, so there's no need to request it from the file engine.
996 if (fileEngine()->open(mode | QIODevice::Unbuffered)) {
997 QIODevice::open(mode);
998 if (mode & Append)
999 seek(size());
1000 return true;
1001 }
That means the only thing Unbuffered controls in a QFile (i.e. opened with open(OpenMode)) is the use of a buffer provided in its superclass. Every time it needs to read some data from the device, it first tries to fill the buffer (16K by default). This is only of advantage if the file is read in multiple smaller consecutive blocks in sequence. Most importantly, if there is a seek() to a new position, the whole 16K is read anew, unless the position sought is inside the buffer (duh) and after the current position - no seeking back, even to the start of previous read. This means that opening the QFile Unbuffered is more efficient overall, even if all reads succeed, more so if there are read errors.
The seeking back behavior is better explained by this excerpt from qiodevice.cpp, in seek():
649 if (offset < 0
650 || offset >= qint64(d->buffer.size()))
651 // When seeking backwards, an operation that is only allowed for
652 // random-access devices, the buffer is cleared. The next read
653 // operation will then refill the buffer. We can optimize this, if we
654 // find that seeking backwards becomes a significant performance hit.
655 d->buffer.clear();
656 else if (!d->buffer.isEmpty())
657 d->buffer.skip(int(offset));
To demonstrate (rather verbosely I fear), below is the actual relevant behavior on an uncorrupted file A) before patching; B) my patch with buffering left intact and C) my patch.
In case A), the 16K is read whenever a bigger chunk of data is needed for a rule (it is retained at kmimemagicrule.cpp:134 iff the read was from the beginning). If the file were corrupted, and only could read e.g. first 8K of data, every read() would result in the drive trying to read the data until timeout (first of each pair of reads would return 8192, second -1 EIO, both hanging), which is the source of the hangs I was trying to solve. If the file weren't readable at all, there would still be a pair of reads, one for the buffer, one for the actual size requested, both returning -1 EIO.
In case B) you prefer, the situation is much better: the first big buffer read reduces the need for subsequent re-reads. It shows there are rules after 2K on my system after all. It also shows the limited case where buffering may help (VERY little): there is a rule starting at byte 2089; no rule touched that part of the buffer (containg the whole file as of the first read), so no new read is made. From case C) you see it needs 10 bytes, setting the internal buffer pointer (IBP) to byte 2099. Another rule wants 9 bytes from 2112, still satisfied by the buffer (IBP at position 2121 now). Yet another rule needs 9 bytes from 2108 - before IBP: this results in a new 16K read into the buffer from position 2108, replacing the previous contents in it. The IBP is 2117, while the next rule needs 28 bytes back from 2112 again: another 16K read.
If you still prefer this solution, then I suggest the whole 16K (more exactly, it is QIODEVICE_BUFFERSIZE, but it is an internal constant in qiodevice_p.h) of the initial buffered read is used in the 'beginning' variable.
In case C), only the data actually requested is ever read. It also wins on a lesser count of read() calls over B), as it always verifies it reached EOF if it does not fill the buffer.
Now that I think of it, I guess the filesystem/kernel does buffered reads anyway, so the only difference between cases B) and C) may be that B) just needlessly uses one more buffer.
If I managed to convince you about Unbuffered, please fix coding style with spaces around the | operator.
=== A ===
open("k", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
lseek(3, 2089, SEEK_SET) = 2089
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
read(3, "_ostreamIcT_ES5_PKc\0_ZSt4cout\0_Z"..., 16384) = 11625
read(3, "", 4759) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 2112, SEEK_SET) = 2112
lseek(3, 2108, SEEK_SET) = 2108
read(3, "\0_ZSt4cout\0_ZNSt8ios_base4InitC1"..., 16384) = 11606
read(3, "", 4778) = 0
lseek(3, 2112, SEEK_SET) = 2112
read(3, "t4cout\0_ZNSt8ios_base4InitC1Ev\0l"..., 16384) = 11602
read(3, "", 4782) = 0
lseek(3, 546, SEEK_SET) = 546
read(3, "\0\0\0\0\0\0@\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0\200\25\4e\0(\0\0\0\0"..., 16384) = 13168
read(3, "", 3216) = 0
lseek(3, 546, SEEK_SET) = 546
read(3, "\0\0\0\0\0\0@\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0\200\25\4e\0(\0\0\0\0"..., 16384) = 13168
read(3, "", 3216) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 2080, SEEK_SET) = 2080
close(3)
=== B ===
open("k", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
lseek(3, 0, SEEK_SET) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 16384) = 13714
read(3, "", 2670) = 0
lseek(3, 2089, SEEK_SET) = 2089
lseek(3, 2112, SEEK_SET) = 2112
lseek(3, 2108, SEEK_SET) = 2108
read(3, "\0_ZSt4cout\0_ZNSt8ios_base4InitC1"..., 16384) = 11606
read(3, "", 4778) = 0
lseek(3, 2112, SEEK_SET) = 2112
read(3, "t4cout\0_ZNSt8ios_base4InitC1Ev\0l"..., 16384) = 11602
read(3, "", 4782) = 0
lseek(3, 2080, SEEK_SET) = 2080
read(3, "St13basic_ostreamIcT_ES5_PKc\0_ZS"..., 16384) = 11634
read(3, "", 4750) = 0
close(3)
=== C ===
open("k", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
lseek(3, 0, SEEK_SET) = 0
fstat(3, {st_mode=S_IFREG|0755, st_size=13714, ...}) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\240\f@\0\0\0\0\0"..., 2048) = 2048
lseek(3, 2089, SEEK_SET) = 2089
read(3, "_ostreamIc", 10) = 10
lseek(3, 2112, SEEK_SET) = 2112
read(3, "t4cout\0_Z", 9) = 9
lseek(3, 2108, SEEK_SET) = 2108
read(3, "\0_ZSt4cou", 9) = 9
lseek(3, 2112, SEEK_SET) = 2112
read(3, "t4cout\0_ZNSt8ios_base4InitC1", 28) = 28
lseek(3, 2080, SEEK_SET) = 2080
read(3, "St13basic_ostreamIcT_ES5_PKc\0", 29) = 29
close(3)
- Miroslav
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102391/#review5872
-----------------------------------------------------------
On Aug. 20, 2011, 5:21 p.m., Peter Penz wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/102391/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2011, 5:21 p.m.)
>
>
> Review request for kdelibs and David Faure.
>
>
> Summary
> -------
>
> If KMimeTypeRepository::findFromContent() tries to determine MIME from a file that cannot be read, such as on a corrupted optical disc, a read attempt is made in KMimeMagicMatch::match() for every available rule, resulting in UI hangs (e.g. file dialogs, dolphin) for tens of minutes (see https://bugs.kde.org/show_bug.cgi?id=280446 for more details).
>
> I've submitted this patch here on behalf of Miroslav ?os, who has submitted the bug-report and also has written the patch.
>
>
> This addresses bug 280446.
> http://bugs.kde.org/show_bug.cgi?id=280446
>
>
> Diffs
> -----
>
> kdecore/services/kmimetype.cpp 955bf62
> kdecore/services/kmimetyperepository.cpp 6ff3d16
>
> Diff: http://git.reviewboard.kde.org/r/102391/diff
>
>
> Testing
> -------
>
>
> Thanks,
>
> Peter
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20110918/3a8115fb/attachment.htm>
More information about the kde-core-devel
mailing list