From: Pavel Begunkov <[email protected]>
To: Stefan Metzmacher <[email protected]>, Jens Axboe <[email protected]>
Cc: io-uring <[email protected]>,
Linux API Mailing List <[email protected]>
Subject: Re: IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()?
Date: Wed, 29 Jan 2020 16:41:18 +0300 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On 1/29/2020 4:11 PM, Stefan Metzmacher wrote:
> Am 29.01.20 um 11:17 schrieb Pavel Begunkov:
>> On 29/01/2020 03:54, Jens Axboe wrote:
>>> On 1/28/20 5:24 PM, Jens Axboe wrote:
>>>> On 1/28/20 5:21 PM, Pavel Begunkov wrote:
>>>>> On 29/01/2020 03:20, Jens Axboe wrote:
>>>>>> On 1/28/20 5:10 PM, Pavel Begunkov wrote:
>>>>>>>>>> Checked out ("don't use static creds/mm assignments")
>>>>>>>>>>
>>>>>>>>>> 1. do we miscount cred refs? We grab one in get_current_cred() for each async
>>>>>>>>>> request, but if (worker->creds != work->creds) it will never be put.
>>>>>>>>>
>>>>>>>>> Yeah I think you're right, that needs a bit of fixing up.
>>>>>>>>
>>>>>>>
>>>>>>> Hmm, it seems it leaks it unconditionally, as it grabs in a ref in
>>>>>>> override_creds().
>>>>>>>
>>>>>>
>>>>>> We grab one there, and an extra one. Then we drop one of them inline,
>>>>>> and the other in __io_req_aux_free().
>>>>>>
>>>>> Yeah, with the last patch it should make it even
>>>>
>>>> OK good we agree on that. I should probably pull back that bit to the
>>>> original patch to avoid having a hole in there...
>>>
>>> Done
>>>
>>
>> ("io_uring/io-wq: don't use static creds/mm assignments") and ("io_uring:
>> support using a registered personality for commands") looks good now.
>>
>> Reviewed-by: Pavel Begunkov <[email protected]>
>
>
> I'm very happy with the design, thanks!
> That exactly what I had in mind:-)
>
> It would also work with IORING_SETUP_SQPOLL, correct?
>
Yep
> However I think there're a few things to improve/simplify.
>
Since 5.6 is already semi-open, it'd be great to have an incremental
patch for that. I'll retoss things as usual, if nobody do it before.
>> https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.6/io_uring-vfs&id=a26d26412e1e1783473f9dc8f030c3af3d54b1a6
>
> In fs/io_uring.c mmgrab() and get_current_cred() are used together in
> two places, why is put_cred() called in __io_req_aux_free while
> mmdrop() is called from io_put_work(). I think both should be called
> in io_put_work(), that makes the code much easier to understand.
>
> My guess is that you choose __io_req_aux_free() for put_cred() because
> of the following patches, but I'll explain on the other commit
> why it's not needed.
>
>> https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.6/io_uring-vfs&id=d9db233adf034bd7855ba06190525e10a05868be
>
> A minor one would be starting with 1 instead of 0 and using
> idr_alloc_cyclic() in order to avoid immediate reuse of ids.
> That way we could include the id in the tracing message and
> 0 would mean the current creds were used.
>
>> +static int io_remove_personalities(int id, void *p, void *data)
>> +{
>> + struct io_ring_ctx *ctx = data;
>> +
>> + idr_remove(&ctx->personality_idr, id);
>
> Here we need something like:
> put_creds((const struct cred *)p);
Good catch
>
>> + return 0;
>> +}
>
>
> The io_uring_register() calles would look like this, correct?
>
> id = io_uring_register(ring_fd, IORING_REGISTER_PERSONALITY, NULL, 0);
> io_uring_register(ring_fd, IORING_UNREGISTER_PERSONALITY, NULL, id);
>
>> https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.6/io_uring-vfs&id=eec9e69e0ad9ad364e1b6a5dfc52ad576afee235
>> +
>> + if (sqe_flags & IOSQE_PERSONALITY) {
>> + int id = READ_ONCE(sqe->personality);
>> +
>> + req->work.creds = idr_find(&ctx->personality_idr, id);
>> + if (unlikely(!req->work.creds)) {
>> + ret = -EINVAL;
>> + goto err_req;
>> + }
>> + get_cred(req->work.creds);> + old_creds = override_creds(req->work.creds);
>> + }
>> +
>
> Here we could use a helper variable
> const struct cred *personality_creds;
> and leave req->work.creds as NULL.
> It means we can avoid the explicit get_cred() call
> and can skip the following hunk too:
>
>> @@ -3977,7 +3977,8 @@ static int io_req_defer_prep(struct io_kiocb *req,
>> mmgrab(current->mm);
>> req->work.mm = current->mm;
>> }
>> - req->work.creds = get_current_cred();
>> + if (!req->work.creds)
>> + req->work.creds = get_current_cred();
>>
>> switch (req->opcode) {
>> case IORING_OP_NOP:
>
> The override_creds(personality_creds) has changed current->cred
> and get_current_cred() will just pick it up as in the default case.
>
> This would make the patch much simpler and allows put_cred() to be
> in io_put_work() instead of __io_req_aux_free() as explained above.
>
It's one extra get_current_cred(). I'd prefer to find another way to
clean this up.
--
Pavel Begunkov
next prev parent reply other threads:[~2020-01-29 13:41 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-28 10:18 IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()? Stefan Metzmacher
2020-01-28 16:10 ` Jens Axboe
2020-01-28 16:17 ` Stefan Metzmacher
2020-01-28 16:19 ` Jens Axboe
2020-01-28 17:19 ` Jens Axboe
2020-01-28 18:04 ` Jens Axboe
2020-01-28 19:42 ` Jens Axboe
2020-01-28 20:16 ` Pavel Begunkov
2020-01-28 20:19 ` Jens Axboe
2020-01-28 20:50 ` Pavel Begunkov
2020-01-28 20:56 ` Jens Axboe
2020-01-28 21:25 ` Christian Brauner
2020-01-28 22:38 ` Pavel Begunkov
2020-01-28 23:36 ` Pavel Begunkov
2020-01-28 23:40 ` Jens Axboe
2020-01-28 23:51 ` Jens Axboe
2020-01-29 0:10 ` Pavel Begunkov
2020-01-29 0:15 ` Jens Axboe
2020-01-29 0:18 ` Jens Axboe
2020-01-29 0:20 ` Jens Axboe
2020-01-29 0:21 ` Pavel Begunkov
2020-01-29 0:24 ` Jens Axboe
2020-01-29 0:54 ` Jens Axboe
2020-01-29 10:17 ` Pavel Begunkov
2020-01-29 13:11 ` Stefan Metzmacher
2020-01-29 13:41 ` Pavel Begunkov [this message]
2020-01-29 13:56 ` Stefan Metzmacher
2020-01-29 14:23 ` Pavel Begunkov
2020-01-29 14:27 ` Stefan Metzmacher
2020-01-29 14:34 ` Pavel Begunkov
2020-01-29 17:34 ` Jens Axboe
2020-01-29 17:42 ` Jens Axboe
2020-01-29 20:09 ` Stefan Metzmacher
2020-01-29 20:48 ` Jens Axboe
2020-01-29 17:46 ` Pavel Begunkov
2020-01-29 14:59 ` Jann Horn
2020-01-29 17:34 ` Jens Axboe
2020-01-30 1:08 ` Jens Axboe
2020-01-30 2:20 ` Jens Axboe
2020-01-30 3:18 ` Jens Axboe
2020-01-30 6:53 ` Stefan Metzmacher
2020-01-30 10:11 ` Jann Horn
2020-01-30 10:26 ` Christian Brauner
2020-01-30 14:11 ` Jens Axboe
2020-01-30 14:47 ` Stefan Metzmacher
2020-01-30 15:34 ` Jens Axboe
2020-01-30 15:13 ` Christian Brauner
2020-01-30 15:29 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox