Message-ID: <e152d8f0-6bf9-f658-f484-f7a18055a664@gmail.com>
Date:   Fri, 14 Apr 2023 15:56:47 +0100
From:   Pavel Begunkov <asml.silence@...il.com>
To:     Ming Lei <ming.lei@...hat.com>
Cc:     Breno Leitao <leitao@...ian.org>, axboe@...nel.dk,
        davem@...emloft.net, dccp@...r.kernel.org, dsahern@...nel.org,
        edumazet@...gle.com, io-uring@...r.kernel.org, kuba@...nel.org,
        leit@...com, linux-kernel@...r.kernel.org,
        marcelo.leitner@...il.com, matthieu.baerts@...sares.net,
        mptcp@...ts.linux.dev, netdev@...r.kernel.org, pabeni@...hat.com,
        willemdebruijn.kernel@...il.com
Subject: Re: [PATCH RFC] io_uring: Pass whole sqe to commands

On 4/14/23 14:59, Ming Lei wrote:
[...]
>>> Will this kind of inconsistency cause trouble for driver? Cause READ
>>> TWICE becomes possible with this patch.
>>
>> Right it might happen, and I was keeping that in mind, but it's not
>> specific to this patch. It won't reload core io_uring bits, and all
> 
> It depends if driver reloads core bits or not, anyway the patch exports
> all fields and opens the window.

If a driver tries to reload core bits and even worse modify io_uring
request without proper helpers, it should be rooted out and thrown
into a bin. In any case cmds are expected to exercise cautiousness
while working with SQEs as they may change. I'd even argue that
hiding it as void *cmd makes it much less obvious.

>> fields cmds use already have this problem.
> 
> driver is supposed to load cmds field just once too, right?

Ideally they shouldn't, but it's fine to reload as long as
the cmd can handle it. And it should always be READ_ONCE()
and so.

>> Unless there is a better option, the direction we'll be moving in is
>> adding a preparation step that should read and stash parts of SQE
>> it cares about, which should also make full SQE copy not
>> needed / optional.
> 
> Sounds good.

-- 
Pavel Begunkov
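
Added example, not part of the original message and not io_uring code: a userspace C model of the double read discussed in this thread and of the read-once-and-stash prep step. The struct layout, the function names and the racer callback (standing in for a concurrent userspace writer to the SQE) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_MAX 16  /* size of the handler's private buffer (constructed) */

/* Hypothetical command payload inside an SQE; userspace may rewrite it at any time. */
struct demo_sqe_cmd { uint32_t len; uint8_t data[64]; };
struct demo_stash { uint32_t len; uint8_t data[BUF_MAX]; };

/* Userspace stand-in for the kernel's READ_ONCE(): one load the compiler cannot repeat. */
static uint32_t read_once_u32(const uint32_t *p) { return *(const volatile uint32_t *)p; }

/* Models a userspace thread writing to the shared SQE between two handler loads. */
typedef void (*racer_fn)(struct demo_sqe_cmd *);
void grow_len(struct demo_sqe_cmd *c) { c->len = 64; }

/* Double fetch: len is checked on one load and used from a second one.
 * Returns the length that would be copied into a BUF_MAX-byte buffer. */
size_t handle_double_fetch(struct demo_sqe_cmd *shared, racer_fn racer)
{
    if (read_once_u32(&shared->len) > BUF_MAX)
        return 0;
    if (racer)
        racer(shared);                  /* window between check and use */
    return read_once_u32(&shared->len); /* may no longer satisfy the check */
}

/* Prep step: load each field once, validate it, stash it. */
int prep_stash(const struct demo_sqe_cmd *shared, struct demo_stash *st)
{
    uint32_t len = read_once_u32(&shared->len);
    if (len > BUF_MAX)
        return -1;
    st->len = len;
    memcpy(st->data, shared->data, len); /* bounded by the validated local copy */
    return 0;
}

/* Later stages consume only the stash, so racing writes have no effect. */
size_t handle_stashed(struct demo_sqe_cmd *shared, racer_fn racer)
{
    struct demo_stash st;
    if (prep_stash(shared, &st))
        return 0;
    if (racer)
        racer(shared);
    return st.len;
}
```

Both handlers use a single-load primitive for every access; the first still fails because it issues two loads of the same field, which is why the stash is needed in addition to READ_ONCE().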
