lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZDvFEkRo+yor7FM+@ovpn-8-16.pek2.redhat.com>
Date:   Sun, 16 Apr 2023 17:51:14 +0800
From:   Ming Lei <ming.lei@...hat.com>
To:     Pavel Begunkov <asml.silence@...il.com>
Cc:     Breno Leitao <leitao@...ian.org>, axboe@...nel.dk,
        davem@...emloft.net, dccp@...r.kernel.org, dsahern@...nel.org,
        edumazet@...gle.com, io-uring@...r.kernel.org, kuba@...nel.org,
        leit@...com, linux-kernel@...r.kernel.org,
        marcelo.leitner@...il.com, matthieu.baerts@...sares.net,
        mptcp@...ts.linux.dev, netdev@...r.kernel.org, pabeni@...hat.com,
        willemdebruijn.kernel@...il.com, ming.lei@...hat.com
Subject: Re: [PATCH RFC] io_uring: Pass whole sqe to commands

On Fri, Apr 14, 2023 at 03:56:47PM +0100, Pavel Begunkov wrote:
> On 4/14/23 14:59, Ming Lei wrote:
> [...]
> > > > Will this kind of inconsistency cause trouble for driver? Cause READ
> > > > TWICE becomes possible with this patch.
> > > 
> > > Right it might happen, and I was keeping that in mind, but it's not
> > > specific to this patch. It won't reload core io_uring bits, and all
> > 
> > It depends if driver reloads core bits or not, anyway the patch exports
> > all fields and opens the window.
> 
> If a driver tries to reload core bits and even worse modify io_uring
> request without proper helpers, it should be rooted out and thrown
> into a bin. In any case cmds are expected to exercise cautiousness
> while working with SQEs as they may change. I'd even argue that
> hiding it as void *cmd makes it much less obvious.

Fair enough, if it is well documented, then people will know these
problems and any change in this area can get careful review.


Thanks, 
Ming

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ