Re: IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()?

[Stefan Metzmacher <metze@samba.org>]

[-- Attachment #1.1: Type: text/plain, Size: 2515 bytes --]

Am 28.01.20 um 17:10 schrieb Jens Axboe:
> On 1/28/20 3:18 AM, Stefan Metzmacher wrote:
>> Hi Jens,
>>
>> now that we have IORING_FEAT_CUR_PERSONALITY...
>>
>> How can we optimize the fileserver case now, in order to avoid the
>> overhead of always calling 5 syscalls before io_uring_enter()?:
>>
>>  /* gain root again */
>>  setresuid(-1,0,-1); setresgid(-1,0,-1)
>>  /* impersonate the user with groups */
>>  setgroups(num, grps); setresgid(-1,gid,-1); setresuid(-1,uid,-1);
>>  /* trigger the operation */
>>  io_uring_enter();
>>
>> I guess some kind of IORING_REGISTER_CREDS[_UPDATE] would be
>> good, together with a IOSQE_FIXED_CREDS in order to specify
>> credentials per operation.
>>
>> Or we make it much more generic and introduce a credsfd_create()
>> syscall in order to get an fd for a credential handle, maybe
>> together with another syscall to activate the credentials of
>> the current thread (or let a write to the fd trigger the activation
>> in order to avoid an additional syscall number).
>>
>> Having just an fd would allow IORING_REGISTER_CREDS[_UPDATE]
>> to be just an array of int values instead of a more complex
>> structure to define the credentials.
> 
> I'd rather avoid having to add more infrastructure for this, even if
> credsfd_create() would be nifty.
> 
> With that in mind, something like:
> 
> - Application does IORING_REGISTER_CREDS, which returns some index
>
> - Add a IORING_OP_USE_CREDS opcode, which sets the creds associated
>   with dependent commands
> - Actual request is linked to the IORING_OP_USE_CREDS command, any
>   link off IORING_OP_USE_CREDS will use those credentials

Using links for this sounds ok.

> - IORING_UNREGISTER_CREDS removes the registered creds
> 
> Just throwing that out there, definitely willing to entertain other
> methods that make sense for this. Trying to avoid needing to put this
> information in the SQE itself, hence the idea to use a chain of links
> for it.
> 
> The downside is that we'll need to maintain an array of key -> creds,
> but that's probably not a big deal.
> 
> What do you think?

So IORING_REGISTER_CREDS would be a simple operation that just takes a
snapshot of the current_cred() and returns an id that can be passed to
IORING_OP_USE_CREDS or IORING_UNREGISTER_CREDS?

> Ideally I'd like to get this done for 5.6 even if we
> are a bit late, so you'll have everything you need with that release.

That would be great!

Thanks!
metze


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]