From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7FC06C2D0DB for ; Mon, 27 Jan 2020 23:00:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 512362467F for ; Mon, 27 Jan 2020 23:00:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=kernel-dk.20150623.gappssmtp.com header.i=@kernel-dk.20150623.gappssmtp.com header.b="0GrrG5FK" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726267AbgA0XA5 (ORCPT ); Mon, 27 Jan 2020 18:00:57 -0500 Received: from mail-pj1-f65.google.com ([209.85.216.65]:34256 "EHLO mail-pj1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726164AbgA0XA5 (ORCPT ); Mon, 27 Jan 2020 18:00:57 -0500 Received: by mail-pj1-f65.google.com with SMTP id f2so150454pjq.1 for ; Mon, 27 Jan 2020 15:00:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20150623.gappssmtp.com; s=20150623; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=4MOBBVS02V5W2bLmikPqriQqxXuCV0tiwehdq3Ohwx8=; b=0GrrG5FKkP7xs3pTyP1q/E+XW6dgmdrot8+pqLLBZjxBOZQYf/3te6PeZHpAE6ZXYy RA0lEmkNb244cOF1Xs3hurq63PvqqqujyRcowKqE5AHlZwaKOfzVUgTm35dDKfoMWfOZ 42jDZ/bAZyPEK/E9mJ1mpP8CqRGhc40AJ+Fe4Z5SOgTxI6cm8q6dqbWLLhGLH3f4HVXL UX0Bh/ls+cBuxw6/GkZvLR/oJG2VlvwPGS/v+cG4GyqTDvQmLcXFVJZibLcESX4IO1Aj vCiYpaR+muNWg5iDKJ8IlvSIKycPu17mMz+z7UhwW6snOze5kQN27bPkEQwoL9oj4CPp YYww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=4MOBBVS02V5W2bLmikPqriQqxXuCV0tiwehdq3Ohwx8=; b=lH8HW0NcetPtZuIfvIgF+2HlheBoyNzRaAkBi9KYxG1FlEuTWkxIfcN36scEGD3V8n ywjO8Bg7RoGItM54cVf82+ZTsiAq4dkjQZVHdtjfVgekZAxjSYH5KfHkpfN9cV/YjXuA Ti3Bc4Mv62xrDgIP5kCXr6TZQGMWGDykBfq5L6WY/Ojy47hyt87NwfA2Z1xNvsbPUVdO v77H00i9b5awICYcnHNKdGBDP/Dl4r5WITO1mwhyNWWBychm97Od+U52386NSOvyB9FX JjAgAA5WQxks9qA2MOVSAGNbSsu7+auh7p1sh4QFCLajjb1RZ6NNIcENrKCkeCxhE9Bf oo7Q== X-Gm-Message-State: APjAAAW0ee4D0EbjVgl6aXd2OXBcdlW1hFRt87bFZ8lpiQ7DUmzerxhT Azqytnbq5hySbT0Cse0gjtb7kSWEbEQ= X-Google-Smtp-Source: APXvYqyb9GST/iZ58gUpe2B77k5xjApyRCCP+qAmFL0fgLCOV2x4gLiwU4vmbJ7hKUG5K2jRIQEJ5Q== X-Received: by 2002:a17:902:34a:: with SMTP id 68mr19127746pld.250.1580166055782; Mon, 27 Jan 2020 15:00:55 -0800 (PST) Received: from [192.168.1.188] ([66.219.217.145]) by smtp.gmail.com with ESMTPSA id a16sm17040412pgb.5.2020.01.27.15.00.54 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Jan 2020 15:00:55 -0800 (PST) Subject: Re: [PATCHSET 0/4] Add support for shared io-wq backends From: Jens Axboe To: Pavel Begunkov , Daurnimator Cc: io-uring@vger.kernel.org References: <20200123231614.10850-1-axboe@kernel.dk> <4917a761-6665-0aa2-0990-9122dfac007a@gmail.com> <694c2b6f-6b51-fd7b-751e-db87de90e490@kernel.dk> <92e92002-f803-819a-5f5e-44cf09e63c9b@kernel.dk> <3b3b5e03-2c7e-aa00-c1fd-3af8b2620d5e@gmail.com> <1b24da2d-dd92-608e-27b6-b827a728e7ab@kernel.dk> Message-ID: <18d3f936-c8d0-9bbb-6e9d-4c9ec579cfa4@kernel.dk> Date: Mon, 27 Jan 2020 16:00:53 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: io-uring-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: io-uring@vger.kernel.org On 1/27/20 3:40 PM, Jens Axboe wrote: > On 1/27/20 2:45 PM, Pavel Begunkov wrote: >> On 27/01/2020 23:33, Jens Axboe wrote: >>> On 1/27/20 7:07 AM, Pavel Begunkov wrote: >>>> On 1/27/2020 4:39 PM, Jens Axboe wrote: >>>>> On 1/27/20 6:29 AM, Pavel Begunkov wrote: >>>>>> On 1/26/2020 8:00 PM, Jens Axboe wrote: >>>>>>> On 1/26/20 8:11 AM, Pavel Begunkov wrote: >>>>>>>> On 1/26/2020 4:51 AM, Daurnimator wrote: >>>>>>>>> On Fri, 24 Jan 2020 at 10:16, Jens Axboe wrote: >>>>>> Ok. I can't promise it'll play handy for sharing. Though, you'll be out >>>>>> of space in struct io_uring_params soon anyway. >>>>> >>>>> I'm going to keep what we have for now, as I'm really not imagining a >>>>> lot more sharing - what else would we share? So let's not over-design >>>>> anything. >>>>> >>>> Fair enough. I prefer a ptr to an extendable struct, that will take the >>>> last u64, when needed. >>>> >>>> However, it's still better to share through file descriptors. It's just >>>> not secure enough the way it's now. >>> >>> Is the file descriptor value really a good choice? We just had some >>> confusion on ring sharing across forks. Not sure using an fd value >>> is a sane "key" to use across processes. >>> >> As I see it, the problem with @mm is that uring is dead-bound to it. >> For example, a process can create and send uring (e.g. via socket), >> and then be killed. And that basically means >> 1. @mm of the process is locked just because of the sent uring >> instance. >> 2. a process may have an io_uring, which bound to @mm of another >> process, even though the layouts may be completely different. >> >> File descriptors are different here, because io_uring doesn't know >> about them, They are controlled by the userspace (send, dup, fork, >> etc), and don't sabotage all isolation work done in the kernel. A dire >> example here is stealing io-wq from within a container, which is >> trivial with global self-made id. I would love to hear, if I am >> mistaken somewhere. >> >> Is there some better option? > > OK, so how about this: > > - We use the 'fd' as the lookup key. This makes it easy since we can > just check if it's a io_uring instance or not, we don't need to do any > tracking on the side. It also means that the application asking for > sharing must already have some relationship to the process that > created the ring. > > - mm/creds must be transferred through the work item. Any SQE done on > behalf of io_uring_enter() directly already has that, if punted we > must pass the creds and mm. This means we break the static setup of > io_wq->mm/creds. It also means that we probably have to add that to > io_wq_work, which kind of sucks, but... It'd fix Stefan's worry too. > I think with that we have a decent setup, that's also safe. I've dropped > the sharing patches for now, from the 5.6 tree. So one concern might be SQPOLL, it'll have to use the ctx creds and mm as usual. I guess that is ok. -- Jens Axboe