From: Jens Axboe <[email protected]>
To: Stefan Metzmacher <[email protected]>
Cc: io-uring <[email protected]>,
Linux API Mailing List <[email protected]>
Subject: Re: IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()?
Date: Tue, 28 Jan 2020 09:10:28 -0700 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On 1/28/20 3:18 AM, Stefan Metzmacher wrote:
> Hi Jens,
>
> now that we have IORING_FEAT_CUR_PERSONALITY...
>
> How can we optimize the fileserver case now, in order to avoid the
> overhead of always calling 5 syscalls before io_uring_enter()?:
>
> /* gain root again */
> setresuid(-1,0,-1); setresgid(-1,0,-1)
> /* impersonate the user with groups */
> setgroups(num, grps); setresgid(-1,gid,-1); setresuid(-1,uid,-1);
> /* trigger the operation */
> io_uring_enter();
>
> I guess some kind of IORING_REGISTER_CREDS[_UPDATE] would be
> good, together with a IOSQE_FIXED_CREDS in order to specify
> credentials per operation.
>
> Or we make it much more generic and introduce a credsfd_create()
> syscall in order to get an fd for a credential handle, maybe
> together with another syscall to activate the credentials of
> the current thread (or let a write to the fd trigger the activation
> in order to avoid an additional syscall number).
>
> Having just an fd would allow IORING_REGISTER_CREDS[_UPDATE]
> to be just an array of int values instead of a more complex
> structure to define the credentials.
I'd rather avoid having to add more infrastructure for this, even if
credsfd_create() would be nifty.
With that in mind, something like:
- Application does IORING_REGISTER_CREDS, which returns some index
- Add a IORING_OP_USE_CREDS opcode, which sets the creds associated
with dependent commands
- Actual request is linked to the IORING_OP_USE_CREDS command, any
link off IORING_OP_USE_CREDS will use those credentials
- IORING_UNREGISTER_CREDS removes the registered creds
Just throwing that out there, definitely willing to entertain other
methods that make sense for this. Trying to avoid needing to put this
information in the SQE itself, hence the idea to use a chain of links
for it.
The downside is that we'll need to maintain an array of key -> creds,
but that's probably not a big deal.
What do you think? Ideally I'd like to get this done for 5.6 even if we
are a bit late, so you'll have everything you need with that release.
--
Jens Axboe
next prev parent reply other threads:[~2020-01-28 16:10 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-28 10:18 IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()? Stefan Metzmacher
2020-01-28 16:10 ` Jens Axboe [this message]
2020-01-28 16:17 ` Stefan Metzmacher
2020-01-28 16:19 ` Jens Axboe
2020-01-28 17:19 ` Jens Axboe
2020-01-28 18:04 ` Jens Axboe
2020-01-28 19:42 ` Jens Axboe
2020-01-28 20:16 ` Pavel Begunkov
2020-01-28 20:19 ` Jens Axboe
2020-01-28 20:50 ` Pavel Begunkov
2020-01-28 20:56 ` Jens Axboe
2020-01-28 21:25 ` Christian Brauner
2020-01-28 22:38 ` Pavel Begunkov
2020-01-28 23:36 ` Pavel Begunkov
2020-01-28 23:40 ` Jens Axboe
2020-01-28 23:51 ` Jens Axboe
2020-01-29 0:10 ` Pavel Begunkov
2020-01-29 0:15 ` Jens Axboe
2020-01-29 0:18 ` Jens Axboe
2020-01-29 0:20 ` Jens Axboe
2020-01-29 0:21 ` Pavel Begunkov
2020-01-29 0:24 ` Jens Axboe
2020-01-29 0:54 ` Jens Axboe
2020-01-29 10:17 ` Pavel Begunkov
2020-01-29 13:11 ` Stefan Metzmacher
2020-01-29 13:41 ` Pavel Begunkov
2020-01-29 13:56 ` Stefan Metzmacher
2020-01-29 14:23 ` Pavel Begunkov
2020-01-29 14:27 ` Stefan Metzmacher
2020-01-29 14:34 ` Pavel Begunkov
2020-01-29 17:34 ` Jens Axboe
2020-01-29 17:42 ` Jens Axboe
2020-01-29 20:09 ` Stefan Metzmacher
2020-01-29 20:48 ` Jens Axboe
2020-01-29 17:46 ` Pavel Begunkov
2020-01-29 14:59 ` Jann Horn
2020-01-29 17:34 ` Jens Axboe
2020-01-30 1:08 ` Jens Axboe
2020-01-30 2:20 ` Jens Axboe
2020-01-30 3:18 ` Jens Axboe
2020-01-30 6:53 ` Stefan Metzmacher
2020-01-30 10:11 ` Jann Horn
2020-01-30 10:26 ` Christian Brauner
2020-01-30 14:11 ` Jens Axboe
2020-01-30 14:47 ` Stefan Metzmacher
2020-01-30 15:34 ` Jens Axboe
2020-01-30 15:13 ` Christian Brauner
2020-01-30 15:29 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox