From: Al Viro <[email protected]>
To: Jens Axboe <[email protected]>
Cc: Christian Brauner <[email protected]>,
Stefan Roesch <[email protected]>,
[email protected], [email protected],
[email protected], [email protected]
Subject: Re: [PATCH v10 4/5] io_uring: add fsetxattr and setxattr support
Date: Thu, 30 Dec 2021 23:02:32 +0000 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On Thu, Dec 30, 2021 at 02:46:49PM -0800, Jens Axboe wrote:
> On 12/30/21 2:24 PM, Al Viro wrote:
> > On Thu, Dec 30, 2021 at 11:09:12AM -0800, Jens Axboe wrote:
> >
> >> For each command, there are two steps:
> >>
> >> - The prep of it, this happens inline from the system call where the
> >> request, or requests, are submitted. The prep phase should ensure that
> >> argument structs are stable. Hence a caller can prep a request and
> >> have memory on stack, as long as it submits before it becomes invalid.
> >> An example of that are iovecs for readv/writev. The caller does not
> >> need to have them stable for the duration of the request, just across
> >> submit. That's the io_${cmd}_prep() helpers.
> >>
> >> - The execution of it. May be separate from prep and from an async
> >> worker. Where the lower layers don't support a nonblocking attempt,
> >> they are always done async. The statx stuff is an example of that.
> >>
> >> Hence prep needs to copy from userland on the prep side always for the
> >> statx family, as execution will happen out-of-line from the submission.
> >>
> >> Does that explain it?
> >
> > The actual call chain leading to filename_lookup() is, AFAICS, this:
> > io_statx()
> > do_statx()
> > vfs_statx()
> > user_path_at()
> > user_path_at_empty()
> > filename_lookup()
> >
> > If you are providing such warranties for the contents of pathname
> > arguments, you have a bug in statx in the mainline. If you are not,
> > there's no point in doing getname() in getxattr prep.
>
> Not for the filename lookup, as I said it's for data passed in. There
> are no guarantees on filename lookup, that happens when it gets
> executed. See mentioned example on iovec and readv/writev.
s/filename_lookup/getname_flags/, sorry.
Again, statx support does both the copyin and pathname resolution *after*
prep, from io_statx(). They are not separated - io_statx() pass the userland
pointer to user_path_at_empty(), which does all the work. So if a pathname
you'd passed had been in a local array and you return right after submitting
a request, you will end up with io_statx() fetching random garbage.
This patchset is different - for getxattr you have getname done in prep,
with resulting struct filename kept around until the actual work is to
be done. That's precisely the reason why the first patch in the series
introduces a user_path_at_empty() variant that takes a struct filename,
with the pathname contents already copied in.
IOW, why is user_path_at_empty() good for statx, but not for getxattr?
What's the difference?
Do you treat the pathname contents (string in userland memory, that is)
same way your writev support treats iovec array (caller may discard it
as soon as syscall returns) or the same way it treats the actual data
to be written (caller is responsible for keeping it around until the
operation reports completion)?
next prev parent reply other threads:[~2021-12-30 23:02 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-29 20:29 [PATCH v10 0/5] io_uring: add xattr support Stefan Roesch
2021-12-29 20:29 ` [PATCH v10 1/5] fs: split off do_user_path_at_empty from user_path_at_empty() Stefan Roesch
2021-12-30 0:49 ` Al Viro
2021-12-30 19:57 ` Stefan Roesch
2021-12-29 20:29 ` [PATCH v10 2/5] fs: split off setxattr_copy and do_setxattr function from setxattr Stefan Roesch
2021-12-30 1:15 ` Al Viro
2021-12-30 9:41 ` Christian Brauner
2021-12-30 19:57 ` Stefan Roesch
2021-12-29 20:30 ` [PATCH v10 3/5] fs: split off do_getxattr from getxattr Stefan Roesch
2021-12-29 20:30 ` [PATCH v10 4/5] io_uring: add fsetxattr and setxattr support Stefan Roesch
2021-12-30 1:58 ` Al Viro
2021-12-30 2:17 ` Al Viro
2021-12-30 2:19 ` Al Viro
2021-12-30 3:04 ` Al Viro
2021-12-30 10:12 ` Christian Brauner
2021-12-30 16:16 ` Al Viro
2021-12-30 18:01 ` Christian Brauner
2021-12-30 19:09 ` Jens Axboe
2021-12-30 22:24 ` Al Viro
2021-12-30 22:46 ` Jens Axboe
2021-12-30 23:02 ` Al Viro [this message]
2021-12-30 20:18 ` Stefan Roesch
2021-12-29 20:30 ` [PATCH v10 5/5] io_uring: add fgetxattr and getxattr support Stefan Roesch
2021-12-30 1:41 ` Al Viro
2021-12-30 1:46 ` Al Viro
2021-12-30 20:01 ` Stefan Roesch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox