| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 16 Apr 2023 17:51:14 +0800
From: Ming Lei <ming.lei@...hat.com>
To: Pavel Begunkov <asml.silence@...il.com>
Cc: Breno Leitao <leitao@...ian.org>, axboe@...nel.dk,
davem@...emloft.net, dccp@...r.kernel.org, dsahern@...nel.org,
edumazet@...gle.com, io-uring@...r.kernel.org, kuba@...nel.org,
leit@...com, linux-kernel@...r.kernel.org,
marcelo.leitner@...il.com, matthieu.baerts@...sares.net,
mptcp@...ts.linux.dev, netdev@...r.kernel.org, pabeni@...hat.com,
willemdebruijn.kernel@...il.com, ming.lei@...hat.com
Subject: Re: [PATCH RFC] io_uring: Pass whole sqe to commands
On Fri, Apr 14, 2023 at 03:56:47PM +0100, Pavel Begunkov wrote:
> On 4/14/23 14:59, Ming Lei wrote:
> [...]
> > > > Will this kind of inconsistency cause trouble for driver? Cause READ
> > > > TWICE becomes possible with this patch.
> > >
> > > Right it might happen, and I was keeping that in mind, but it's not
> > > specific to this patch. It won't reload core io_uring bits, and all
> >
> > It depends if driver reloads core bits or not, anyway the patch exports
> > all fields and opens the window.
>
> If a driver tries to reload core bits and even worse modify io_uring
> request without proper helpers, it should be rooted out and thrown
> into a bin. In any case cmds are expected to exercise cautiousness
> while working with SQEs as they may change. I'd even argue that
> hiding it as void *cmd makes it much less obvious.
Fair enough, if it is well documented, then people will know these
problems and any change in this area can get careful review.
Thanks,
Ming
Powered by blists - more mailing lists