Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp4195810pxk; Tue, 8 Sep 2020 13:14:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJykJ0X5sdYltK6M4irT6PeaMH0r1+rXi2AXFdKPUCMOAy+4pTvLCozbZELBKpjvu7xTnjL1 X-Received: by 2002:aa7:c053:: with SMTP id k19mr760165edo.326.1599596051849; Tue, 08 Sep 2020 13:14:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599596051; cv=none; d=google.com; s=arc-20160816; b=i0oixs0odFcpF8nyVPc5iT17TGe5OxaM2F/OiqqiMHTOUtk2AIpP/Mpl4RM7BDsgH4 XmORW4GW8GgapES/nPIvPVjNY5x7pDuhIqDtbQIgEL6fhRJRhzO5JyYD64bQHzac8Xvg 4no3FwlEcAYJcmkpVtDBGL4hX53YahI5Ok1qJTVX+nmZjWjzAk0mPQWwb/dp8rXDOkmh NxaB+lL20ppbrYvYvVjCHZNdTts1iDKB1I7PHCySluj6/yX3h9wCWXnIuLSeP2HxcRvP dZPRLgnldHnLGHgxQrGoV1ewCrnyeucuOUbc/VjlGekEO85AJFSe1RoowCOm0OrpGtbO UTuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=lLPV/2TbMLCWwjxZmMjGQAv9RQQ5QdmKtS2Q2m060x4=; b=UglLC5GAt3n66duE5K0mw++lr/RDOtCdpGGsqYaKFfM3yzWzq52AWfQ5OCw21fVgyO rMhIMcheWKr2e14zSvCUuLAYX6z8RHbwtKoloPBVXFbtiiaQlQenFYiTk6mjIvSUmRyg qJMlZXhQICmiWCqZ0K+SkPuWhjdlETV871vF9f4smWhhqWTZZpfHnonDkzup9SpaCl9Y /+mpwrL6W10A/losiOavuy0+LiCm1nf/rKu78QRO0I8vVgmtSbn8b2AdbEUAymphvqQw LKVXH6TD2UbfSQdwK1KwAu/tGhF4EzdXghyk3LFS7tVbJSYnXQMoWQr1frImlWsXrNfT RLsg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=uJazPLWe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b5si24189ejq.317.2020.09.08.13.13.48; Tue, 08 Sep 2020 13:14:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=uJazPLWe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730695AbgIHUNH (ORCPT + 99 others); Tue, 8 Sep 2020 16:13:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46396 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729990AbgIHPLM (ORCPT ); Tue, 8 Sep 2020 11:11:12 -0400 Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD28DC0619EC for ; Tue, 8 Sep 2020 06:57:14 -0700 (PDT) Received: by mail-io1-xd41.google.com with SMTP id h4so17169243ioe.5 for ; Tue, 08 Sep 2020 06:57:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=lLPV/2TbMLCWwjxZmMjGQAv9RQQ5QdmKtS2Q2m060x4=; b=uJazPLWezWgC/PxcgavzXTzULVjK+HH/0rnfAycuhBQCpgkDFk/fvQpqKS7RzEpiXG ERAROiLm7VLunZJpzttkIeY7b1VyZ7vdAdTmly29bZuLWeEEHdxvjUkOpVL/XgnAQLYP U563XLl1LCPU1Vs+xCapjB1tF5YvK5Li0o6rXx6tkcIIdFWG/q5TU59d1Vbfyhey0Iqk FjDr8t0q6o0KqVSUzgviXQkWRhNR4U26NzOXYB0n6lNBNEhD4nJZeQCKGy7YfpsuHGrd n/zLgKw2/0PIclu34Gpdgs81l5h979bDDAONUe9gK227ECpK+s8PjAKkmwpLLY/KXPFR 17Mg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=lLPV/2TbMLCWwjxZmMjGQAv9RQQ5QdmKtS2Q2m060x4=; b=YFMCQzl9vfK27MG9rsHJD9t650DpdRaZ3ZOc3hAuJV2HvbOApfz645XXoeZUgwnnOZ Puo5frVbiOHsq+YeFOALxUa4ULPBw1/IqS+15K5Ory0dvwm6ij43WOYjKRAtRQe5Z6qp JcjAWUk88xiq3gTFBb5xMDgCX2H8JjagSYiaEq61hCYONw7bKT2W+fus+aYQyWkMzfA1 NCWVQm+dmMaEb83EXhk3qeSzqAugNzfSW7VuB6b450nxXsNRm5KIRA90g8i0sVky2Joj JGiOhJaw2TYl+d7qhKU45oVOF2z3wt2OsaRwWRD9GelHbj2Y3yAS6Z6lh4ZkAjBKz6F/ lIIg== X-Gm-Message-State: AOAM532xtG8Vvy0fitN/Ph2j+Hv84/xC5zy2ZoVLUTHddZM5bnjp6Cru S38w1opIkGgXevaLgixqrDlMmw== X-Received: by 2002:a6b:c8d6:: with SMTP id y205mr527426iof.177.1599573430313; Tue, 08 Sep 2020 06:57:10 -0700 (PDT) Received: from [192.168.1.10] ([65.144.74.34]) by smtp.gmail.com with ESMTPSA id e28sm10512528ill.79.2020.09.08.06.57.08 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 08 Sep 2020 06:57:09 -0700 (PDT) Subject: Re: [PATCH v6 3/3] io_uring: allow disabling rings during the creation To: Stefano Garzarella Cc: Kernel Hardening , Christian Brauner , linux-fsdevel@vger.kernel.org, io-uring@vger.kernel.org, Alexander Viro , Stefan Hajnoczi , Jann Horn , Jeff Moyer , Aleksa Sarai , Sargun Dhillon , linux-kernel@vger.kernel.org, Kees Cook References: <20200827145831.95189-1-sgarzare@redhat.com> <20200827145831.95189-4-sgarzare@redhat.com> <20200908134448.sg7evdrfn6xa67sn@steredhat> From: Jens Axboe Message-ID: <045e0907-4771-0b7f-d52a-4af8197e6954@kernel.dk> Date: Tue, 8 Sep 2020 07:57:08 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20200908134448.sg7evdrfn6xa67sn@steredhat> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/8/20 7:44 AM, Stefano Garzarella wrote: > Hi Jens, > > On Thu, Aug 27, 2020 at 04:58:31PM +0200, Stefano Garzarella wrote: >> This patch adds a new IORING_SETUP_R_DISABLED flag to start the >> rings disabled, allowing the user to register restrictions, >> buffers, files, before to start processing SQEs. >> >> When IORING_SETUP_R_DISABLED is set, SQE are not processed and >> SQPOLL kthread is not started. >> >> The restrictions registration are allowed only when the rings >> are disable to prevent concurrency issue while processing SQEs. >> >> The rings can be enabled using IORING_REGISTER_ENABLE_RINGS >> opcode with io_uring_register(2). >> >> Suggested-by: Jens Axboe >> Reviewed-by: Kees Cook >> Signed-off-by: Stefano Garzarella >> --- >> v4: >> - fixed io_uring_enter() exit path when ring is disabled >> >> v3: >> - enabled restrictions only when the rings start >> >> RFC v2: >> - removed return value of io_sq_offload_start() >> --- >> fs/io_uring.c | 52 ++++++++++++++++++++++++++++++----- >> include/uapi/linux/io_uring.h | 2 ++ >> 2 files changed, 47 insertions(+), 7 deletions(-) >> >> diff --git a/fs/io_uring.c b/fs/io_uring.c >> index 5f62997c147b..b036f3373fbe 100644 >> --- a/fs/io_uring.c >> +++ b/fs/io_uring.c >> @@ -226,6 +226,7 @@ struct io_restriction { >> DECLARE_BITMAP(sqe_op, IORING_OP_LAST); >> u8 sqe_flags_allowed; >> u8 sqe_flags_required; >> + bool registered; >> }; >> >> struct io_ring_ctx { >> @@ -7497,8 +7498,8 @@ static int io_init_wq_offload(struct io_ring_ctx *ctx, >> return ret; >> } >> >> -static int io_sq_offload_start(struct io_ring_ctx *ctx, >> - struct io_uring_params *p) >> +static int io_sq_offload_create(struct io_ring_ctx *ctx, >> + struct io_uring_params *p) >> { >> int ret; >> >> @@ -7532,7 +7533,6 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx, >> ctx->sqo_thread = NULL; >> goto err; >> } >> - wake_up_process(ctx->sqo_thread); >> } else if (p->flags & IORING_SETUP_SQ_AFF) { >> /* Can't have SQ_AFF without SQPOLL */ >> ret = -EINVAL; >> @@ -7549,6 +7549,12 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx, >> return ret; >> } >> >> +static void io_sq_offload_start(struct io_ring_ctx *ctx) >> +{ >> + if ((ctx->flags & IORING_SETUP_SQPOLL) && ctx->sqo_thread) >> + wake_up_process(ctx->sqo_thread); >> +} >> + >> static inline void __io_unaccount_mem(struct user_struct *user, >> unsigned long nr_pages) >> { >> @@ -8295,6 +8301,9 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, >> if (!percpu_ref_tryget(&ctx->refs)) >> goto out_fput; >> >> + if (ctx->flags & IORING_SETUP_R_DISABLED) >> + goto out_fput; >> + > > While writing the man page paragraph, I discovered that if the rings are > disabled I returned ENXIO error in io_uring_enter(), coming from the previous > check. > > I'm not sure it is the best one, maybe I can return EBADFD or another > error. > > What do you suggest? EBADFD seems indeed the most appropriate - the fd is valid, but not in the right state to do this. > I'll add a test for this case. Thanks! -- Jens Axboe