Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2982817pxa; Tue, 25 Aug 2020 08:22:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJycsWS2NrseWf9/FrtVvfq2wm9KmfDyCdDsVkyS0v+cpLpubV8FqwwsOyOT05mkIvHUWfAP X-Received: by 2002:a17:906:4810:: with SMTP id w16mr10030946ejq.298.1598368973914; Tue, 25 Aug 2020 08:22:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598368973; cv=none; d=google.com; s=arc-20160816; b=GNdxUVGurcIn4lH5889kfhLNtJTrp4+jMUrpF282mZ4HX1VKuwAvKDdsD9rXEPOanA W6MtLKz9IwDaXpTBRcOBdQ67pRFbKDK01CKrnLT+t9AH3yOGqgTK4MPiFanfblDXasb5 nPOjohgBswTvBmygmmWSIlHmeNOmteNFuH5ycFtlgXEwwGCeGYlrPNcgP5fErui8tZRi b0t59r+DXzyfE7XjlinX0KRdnvq1Fh1ubwB9KK2vTxy/mGRwGKxKQ6d32FUTZ/zsSbmU NbfjewI2MsNt2WQJ0TMPPKRXAWAS7WK0P4fzmaI7ucUTfUTNeE/cDIxXseP1tyTFwVKK HOCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=/ww29tGGGCJNK0uYcOWj2E3kj6GiHCX868VNsZmxKCg=; b=JOrTdDgMxoUYDj8rBi2O4ft+oCTFawWXrga+msmUoGBZvJylRqyHgsFaV86WlFdP1I UZGjGymjdB4XdiBlaTSfguwGewb8u/AwS04QuhZE/BzBx4KpLDmqa0MuUWP0eVURMx3q Kbe2ZNGsQMQvWz09os67ILGBbkz57NuU+UD+ZHtv6Gds8xsYJ2hIS01QPhdR/jS9Q/CS p0J/+wG+Ef6Uuv0uBymurKOvR1tmJeWQ5vCAFGUg7Y8+G3yQBdc/vbBXxAR+iu3mlgAf MCarKJOtW7v7ZJ9puIblHRgOQeagA1/drqBVLmQ+NUP2anfkDmeyvI9wD14LpYJt/fFI f9rw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Fm2c3icd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a9si7102395ejb.264.2020.08.25.08.22.30; Tue, 25 Aug 2020 08:22:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Fm2c3icd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726934AbgHYPVC (ORCPT + 99 others); Tue, 25 Aug 2020 11:21:02 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:24894 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726723AbgHYPU6 (ORCPT ); Tue, 25 Aug 2020 11:20:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1598368857; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/ww29tGGGCJNK0uYcOWj2E3kj6GiHCX868VNsZmxKCg=; b=Fm2c3icduIh6sNT+N6QXVPZC/1xvJ1HQ2+ZAkb8XiRCOV6CXx13O6jNZeYTpvMqdUyPQ57 orDg9ucOtwj2MQHhYPtibNaJN8BT6wzm5LuNhcGh6fnR7J5jqIfYDANVkXslIoVewYq/4M AZ/fOP+9A2yVPwZNemCwNJ9FPvdUCVs= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-194-j0bULRSUMqGBb4-qXTLhBw-1; Tue, 25 Aug 2020 11:20:49 -0400 X-MC-Unique: j0bULRSUMqGBb4-qXTLhBw-1 Received: by mail-wr1-f71.google.com with SMTP id p16so94089wrf.16 for ; Tue, 25 Aug 2020 08:20:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=/ww29tGGGCJNK0uYcOWj2E3kj6GiHCX868VNsZmxKCg=; b=c+YFSD5kOlttONiOXhU4Rp1jbCRu7NrVzfE9+CJQoFFMSjCBBafPjgdlNsJbd8Hgdt 1plZOuz0UCWt4pI2E3gqLrRgWTVHTTzka11KN24oNS25iQVkK5GAZidUbTtYOqwWiOBF bWVjwacD6f0qii6XLt9CNO2l9WfTXguokdo7zegAymEls8vdui8I5uwOPMOc/D0Ypppo 1eZ7H4lDfdL4+Sbvd+q7+BySvqrKZYw8R8sLJrcXvVJ8blyHJ9/W/MlgPvvsbdNUnPJy 7OsKPW2S8DxGZ7A9l6i0S9ha9i9ucBFG0dOxKOqyjHDEg1iWCuBMfWPUax1uhBoNBOe3 r+Ig== X-Gm-Message-State: AOAM532BYskoGfpxMZHIz+snxmytoAAfM44Rbvjsl4rABsb+EcXU0jnm GFZeatMzVuuOrmYCErTr9PdXfqN3r3EOSeCQ+0pZvtYGEvHrBVwzFhrdVIjUjWvhuJEO7q2Gn1Q gUCheXC34tDgG9ZpBTm1h+Zuz X-Received: by 2002:adf:f149:: with SMTP id y9mr10788349wro.93.1598368848123; Tue, 25 Aug 2020 08:20:48 -0700 (PDT) X-Received: by 2002:adf:f149:: with SMTP id y9mr10788321wro.93.1598368847815; Tue, 25 Aug 2020 08:20:47 -0700 (PDT) Received: from steredhat (host-79-51-197-141.retail.telecomitalia.it. [79.51.197.141]) by smtp.gmail.com with ESMTPSA id v20sm3575043wra.72.2020.08.25.08.20.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Aug 2020 08:20:47 -0700 (PDT) Date: Tue, 25 Aug 2020 17:20:44 +0200 From: Stefano Garzarella To: Jens Axboe Cc: Christian Brauner , Jann Horn , Jeff Moyer , Linux FS Devel , Sargun Dhillon , Kees Cook , Alexander Viro , Kernel Hardening , Stefan Hajnoczi , kernel list , Aleksa Sarai , io-uring Subject: Re: [PATCH v4 0/3] io_uring: add restrictions to support untrusted applications and guests Message-ID: References: <20200813153254.93731-1-sgarzare@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200813153254.93731-1-sgarzare@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Jens, this is a gentle ping. I'll respin, using memdup_user() for restriction registration. I'd like to get some feedback to see if I should change anything else. Do you think it's in good shape? Thanks, Stefano On Thu, Aug 13, 2020 at 5:34 PM Stefano Garzarella wrote: > > v4: > - rebased on top of io_uring-5.9 > - fixed io_uring_enter() exit path when ring is disabled > > v3: https://lore.kernel.org/io-uring/20200728160101.48554-1-sgarzare@redhat.c= > om/ > RFC v2: https://lore.kernel.org/io-uring/20200716124833.93667-1-sgarzare@redh= > at.com > RFC v1: https://lore.kernel.org/io-uring/20200710141945.129329-1-sgarzare@red= > hat.com > > Following the proposal that I send about restrictions [1], I wrote this series > to add restrictions in io_uring. > > I also wrote helpers in liburing and a test case (test/register-restrictions.= > c) > available in this repository: > https://github.com/stefano-garzarella/liburing (branch: io_uring_restrictions) > > Just to recap the proposal, the idea is to add some restrictions to the > operations (sqe opcode and flags, register opcode) to safely allow untrusted > applications or guests to use io_uring queues. > > The first patch changes io_uring_register(2) opcodes into an enumeration to > keep track of the last opcode available. > > The second patch adds IOURING_REGISTER_RESTRICTIONS opcode and the code to > handle restrictions. > > The third patch adds IORING_SETUP_R_DISABLED flag to start the rings disabled, > allowing the user to register restrictions, buffers, files, before to start > processing SQEs. > > Comments and suggestions are very welcome. > > Thank you in advance, > Stefano > > [1] https://lore.kernel.org/io-uring/20200609142406.upuwpfmgqjeji4lc@steredha= > t/ > > Stefano Garzarella (3): > io_uring: use an enumeration for io_uring_register(2) opcodes > io_uring: add IOURING_REGISTER_RESTRICTIONS opcode > io_uring: allow disabling rings during the creation > > fs/io_uring.c | 160 ++++++++++++++++++++++++++++++++-- > include/uapi/linux/io_uring.h | 60 ++++++++++--- > 2 files changed, 203 insertions(+), 17 deletions(-) > > --=20 > 2.26.2 >