io-uring.vger.kernel.org archive mirror
From: Jens Axboe <axboe@kernel.dk>
To: Jann Horn <jannh@google.com>
Cc: Stefan Metzmacher <metze@samba.org>,
	io-uring <io-uring@vger.kernel.org>,
	Linux API Mailing List <linux-api@vger.kernel.org>,
	Pavel Begunkov <asml.silence@gmail.com>
Subject: Re: IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()?
Date: Wed, 29 Jan 2020 18:08:00 -0700
Message-ID: <9ce2e571-ed84-211a-4e99-d830ecdaf0e2@kernel.dk>
In-Reply-To: <4f833fc5-b4c0-c304-c3c2-f63c050b90a2@kernel.dk>

On 1/29/20 10:34 AM, Jens Axboe wrote:
> On 1/29/20 7:59 AM, Jann Horn wrote:
>> On Tue, Jan 28, 2020 at 8:42 PM Jens Axboe <axboe@kernel.dk> wrote:
>>> On 1/28/20 11:04 AM, Jens Axboe wrote:
>>>> On 1/28/20 10:19 AM, Jens Axboe wrote:
>> [...]
>>>>> #1 adds support for registering the personality of the invoking task,
>>>>> and #2 adds support for IORING_OP_USE_CREDS. Right now it's limited to
>>>>> just having one link, it doesn't support a chain of them.
>> [...]
>>> I didn't like it becoming a bit too complicated, both in terms of
>>> implementation and use. And the fact that we'd have to jump through
>>> hoops to make this work for a full chain.
>>>
>>> So I punted and just added sqe->personality and IOSQE_PERSONALITY.
>>> This makes it way easier to use. Same branch:
>>>
>>> https://git.kernel.dk/cgit/linux-block/log/?h=for-5.6/io_uring-vfs-creds
>>>
>>> I'd feel much better with this variant for 5.6.
>>
>> Some general feedback from an inspectability/debuggability perspective:
>>
>> At some point, it might be nice if you could add a .show_fdinfo
>> handler to the io_uring_fops that makes it possible to get a rough
>> overview over the state of the uring by reading /proc/$pid/fdinfo/$fd,
>> just like e.g. eventfd (see eventfd_show_fdinfo()). It might be
>> helpful for debugging to be able to see information about the fixed
>> files and buffers that have been registered. Same for the
>> personalities; that information might also be useful when someone is
>> trying to figure out what privileges a running process actually has.
> 
> Agree, that would be a very useful addition. I'll take a look at it.

Jann, how much info are you looking for? Here's a rough start, just
shows the number of registered files and buffers, and lists the
personalities registered. We could also dump the buffer info for
each of them, and ditto for the files. Not sure how much verbosity
is acceptable in fdinfo?

Here's the test app for personality:

# cat 3
pos:	0
flags:	02000002
mnt_id:	14
user-files: 0
user-bufs: 0
personalities:
	    1: uid=0/gid=0


diff --git a/fs/io_uring.c b/fs/io_uring.c
index c5ca84a305d3..0b2c7d800297 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -6511,6 +6505,45 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
 	return submitted ? submitted : ret;
 }
 
+struct ring_show_idr {
+	struct io_ring_ctx *ctx;
+	struct seq_file *m;
+};
+
+static int io_uring_show_cred(int id, void *p, void *data)
+{
+	struct ring_show_idr *r = data;
+	const struct cred *cred = p;
+
+	seq_printf(r->m, "\t%5d: uid=%u/gid=%u\n", id, cred->uid.val,
+						cred->gid.val);
+	return 0;
+}
+
+static void __io_uring_show_fdinfo(struct io_ring_ctx *ctx, struct seq_file *m)
+{
+	struct ring_show_idr r = { .ctx = ctx, .m = m };
+
+	mutex_lock(&ctx->uring_lock);
+	seq_printf(m, "user-files: %d\n", ctx->nr_user_files);
+	seq_printf(m, "user-bufs: %d\n", ctx->nr_user_bufs);
+	if (!idr_is_empty(&ctx->personality_idr)) {
+		seq_printf(m, "personalities:\n");
+		idr_for_each(&ctx->personality_idr, io_uring_show_cred, &r);
+	}
+	mutex_unlock(&ctx->uring_lock);
+}
+
+static void io_uring_show_fdinfo(struct seq_file *m, struct file *f)
+{
+	struct io_ring_ctx *ctx = f->private_data;
+
+	if (percpu_ref_tryget(&ctx->refs)) {
+		__io_uring_show_fdinfo(ctx, m);
+		percpu_ref_put(&ctx->refs);
+	}
+}
+
 static const struct file_operations io_uring_fops = {
 	.release	= io_uring_release,
 	.flush		= io_uring_flush,
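Review bot: io_uring_show_cred() prints cred->uid.val and cred->gid.val directly, so the personalities list shows raw kernel ids rather than ids mapped into the user namespace of whoever reads /proc/$pid/fdinfo/$fd; a reader inside a user namespace would see ids that do not match its own view. Suggest translating with from_kuid_munged(seq_user_ns(m), cred->uid) and from_kgid_munged(seq_user_ns(m), cred->gid). Since the stated goal in the thread is to see what privileges a process actually has, printing only uid/gid leaves out the effective and fs ids and the capability sets held in the same struct cred; worth deciding now whether to include them. Smaller points: the .ctx member of struct ring_show_idr is never read in the callback, and seq_printf(m, "personalities:\n") has no format arguments, so seq_puts() fits.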
@@ -6521,6 +6554,7 @@ static const struct file_operations io_uring_fops = {
 #endif
 	.poll		= io_uring_poll,
 	.fasync		= io_uring_fasync,
+	.show_fdinfo	= io_uring_show_fdinfo,
 };
 
 static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
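Review bot: the .show_fdinfo initializer is added after the #endif and is therefore unconditional, which means io_uring_show_fdinfo() and its helpers are built even on kernels without procfs, where nothing can read fdinfo. Suggest wrapping the new functions and this initializer in #ifdef CONFIG_PROC_FS. Once wired up, the user-files, user-bufs and personalities lines are visible to userspace tools, so the field names and layout should be documented before anything starts parsing them.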

-- 
Jens Axboe
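
A reader for the fdinfo layout shown in this message, as an added example that is not part of the original email or the kernel patch: it parses the `user-files`, `user-bufs` and `personalities:` lines and lists personalities registered with uid 0. The function names and the second personality line in the sample are constructed; the field layout is the rough draft from this message and is assumed, not guaranteed for any released kernel.

```python
import re
from pathlib import Path

# Constructed sample: the fdinfo text from the message plus one invented
# personality (id 2) so the parser has more than one entry to handle.
SAMPLE = ("pos:\t0\nflags:\t02000002\nmnt_id:\t14\nuser-files: 0\nuser-bufs: 0\n"
          "personalities:\n\t    1: uid=0/gid=0\n\t    2: uid=1000/gid=1000\n")

# Matches the "\t%5d: uid=%u/gid=%u" lines emitted under "personalities:".
CRED_RE = re.compile(r"^\s+(\d+): uid=(\d+)/gid=(\d+)$")

def parse_uring_fdinfo(text):
    """Return a dict of io_uring fields, or None if the fd is not a ring."""
    info = {"personalities": {}}
    in_creds = False
    for line in text.splitlines():
        m = CRED_RE.match(line) if in_creds else None
        if m:
            cid, uid, gid = map(int, m.groups())
            info["personalities"][cid] = (uid, gid)
            continue
        in_creds = False  # any other line ends the personalities list
        key, sep, val = line.partition(":")
        if not sep:
            continue
        if key in ("user-files", "user-bufs"):
            info[key] = int(val)
        elif key == "personalities":
            in_creds = True
    return info if "user-files" in info else None

def root_personalities(info):
    """Personality ids whose registered uid is 0 (as printed by the kernel)."""
    return sorted(c for c, (uid, _) in info["personalities"].items() if uid == 0)

def scan_proc(proc="/proc"):
    """Yield (pid, fd, info) for every readable fdinfo with io_uring fields."""
    for path in Path(proc).glob("[0-9]*/fdinfo/*"):
        try:
            info = parse_uring_fdinfo(path.read_text())
        except OSError:
            continue  # process exited, or fdinfo not readable by this user
        if info:
            yield path.parts[-3], path.name, info
```
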

