From: Ming Lei <ming.lei@redhat.com>
To: Keith Busch <kbusch@kernel.org>
Cc: Pavel Begunkov <asml.silence@gmail.com>,
Jens Axboe <axboe@kernel.dk>,
io-uring@vger.kernel.org,
Caleb Sander Mateos <csander@purestorage.com>
Subject: Re: [PATCH] io_uring: zero remained bytes when reading to fixed kernel buffer
Date: Sun, 23 Mar 2025 07:58:06 +0800 [thread overview]
Message-ID: <Z99OjrbmfBQxC3kt@fedora> (raw)
In-Reply-To: <Z9741KU2Fz7J0NSq@kbusch-mbp>
On Sat, Mar 22, 2025 at 11:52:20AM -0600, Keith Busch wrote:
> On Sat, Mar 22, 2025 at 09:50:37PM +0800, Ming Lei wrote:
> > On Sat, Mar 22, 2025 at 12:02:02PM +0000, Pavel Begunkov wrote:
> > > On 3/22/25 07:56, Ming Lei wrote:
> > > > So far fixed kernel buffer is only used for FS read/write, in which
> > > > the remained bytes need to be zeroed in case of short read, otherwise
> > > > kernel data may be leaked to userspace.
> > >
> > > Can you remind me, how that can happen? Normally, IIUC, you register
> > > a request filled with user pages, so no kernel data there. Is it some
> > > bounce buffers?
> >
> > For direct io, it is filled with user pages, but it can be buffered IO,
> > and the page can be mapped to userspace.
>
> I may missing something here because that doesn't sound specific to
> kernel registered bvecs. Is page cache memory not already zeroed out to
> protect against short reads?
Not sure if mm/fs will do that for short read.
At least some drivers do zero data for short read, such as loop,
erofs_fileio_ki_complete(), null_blk...
>
> I can easily wire up a flakey device that won't fill the requested
> memory. What do I need to do to observe this data leak?
You can observe non-zero data in this way.
Wrt. zero copy, the device need to be trusted, that is why both USER_COPY
and ZERO_COPY features can't be available for unprivileged mode.
Thinking of further, this patch isn't needed because ublk driver does
handle short READ by requeuing request.
Thanks,
Ming
next prev parent reply other threads:[~2025-03-22 23:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-22 7:56 [PATCH] io_uring: zero remained bytes when reading to fixed kernel buffer Ming Lei
2025-03-22 12:02 ` Pavel Begunkov
2025-03-22 13:50 ` Ming Lei
2025-03-22 17:52 ` Keith Busch
2025-03-22 18:21 ` Pavel Begunkov
2025-03-22 23:58 ` Ming Lei [this message]
2025-03-22 18:15 ` Pavel Begunkov
2025-03-22 18:10 ` Caleb Sander Mateos
2025-03-23 0:08 ` Ming Lei
2025-03-23 15:55 ` Caleb Sander Mateos
2025-03-24 0:26 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z99OjrbmfBQxC3kt@fedora \
--to=ming.lei@redhat.com \
--cc=asml.silence@gmail.com \
--cc=axboe@kernel.dk \
--cc=csander@purestorage.com \
--cc=io-uring@vger.kernel.org \
--cc=kbusch@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox