[PATCH 0/2] io_uring resource handling fixes

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 0/2] io_uring resource handling fixes
@ 2022-04-06 11:43 Pavel Begunkov
  2022-04-06 11:43 ` [PATCH 1/2] io_uring: nospec index for tags on files update Pavel Begunkov
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Pavel Begunkov @ 2022-04-06 11:43 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe, asml.silence

Two small fixes for rsrc infrastructure

Pavel Begunkov (2):
  io_uring: nospec index for tags on files update
  io_uring: don't touch scm_fp_list after queueing skb

 fs/io_uring.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

-- 
2.35.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/2] io_uring: nospec index for tags on files update
  2022-04-06 11:43 [PATCH 0/2] io_uring resource handling fixes Pavel Begunkov
@ 2022-04-06 11:43 ` Pavel Begunkov
  2022-04-06 11:43 ` [PATCH 2/2] io_uring: don't touch scm_fp_list after queueing skb Pavel Begunkov
  2022-04-06 12:47 ` [PATCH 0/2] io_uring resource handling fixes Jens Axboe
  2 siblings, 0 replies; 4+ messages in thread
From: Pavel Begunkov @ 2022-04-06 11:43 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe, asml.silence

Don't forget to array_index_nospec() for indexes before updating rsrc
tags in __io_sqe_files_update(), just use already safe and precalculated
index @i.

Fixes: c3bdad0271834 ("io_uring: add generic rsrc update with tags")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
---
 fs/io_uring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index f95b44a91b7d..449d4ea419cb 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -9294,7 +9294,7 @@ static int __io_sqe_files_update(struct io_ring_ctx *ctx,
 				err = -EBADF;
 				break;
 			}
-			*io_get_tag_slot(data, up->offset + done) = tag;
+			*io_get_tag_slot(data, i) = tag;
 			io_fixed_file_set(file_slot, file);
 			err = io_sqe_file_register(ctx, file, i);
 			if (err) {
-- 
2.35.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] io_uring: don't touch scm_fp_list after queueing skb
  2022-04-06 11:43 [PATCH 0/2] io_uring resource handling fixes Pavel Begunkov
  2022-04-06 11:43 ` [PATCH 1/2] io_uring: nospec index for tags on files update Pavel Begunkov
@ 2022-04-06 11:43 ` Pavel Begunkov
  2022-04-06 12:47 ` [PATCH 0/2] io_uring resource handling fixes Jens Axboe
  2 siblings, 0 replies; 4+ messages in thread
From: Pavel Begunkov @ 2022-04-06 11:43 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe, asml.silence

It's safer to not touch scm_fp_list after we queued an skb to which it
was assigned, there might be races lurking if we screw subtle sync
guarantees on the io_uring side.

Fixes: 6b06314c47e14 ("io_uring: add file set registration")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
---
 fs/io_uring.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 449d4ea419cb..481e12115dbb 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8831,8 +8831,12 @@ static int __io_sqe_files_scm(struct io_ring_ctx *ctx, int nr, int offset)
 		refcount_add(skb->truesize, &sk->sk_wmem_alloc);
 		skb_queue_head(&sk->sk_receive_queue, skb);
 
-		for (i = 0; i < nr_files; i++)
-			fput(fpl->fp[i]);
+		for (i = 0; i < nr; i++) {
+			struct file *file = io_file_from_index(ctx, i + offset);
+
+			if (file)
+				fput(file);
+		}
 	} else {
 		kfree_skb(skb);
 		free_uid(fpl->user);
-- 
2.35.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 0/2] io_uring resource handling fixes
  2022-04-06 11:43 [PATCH 0/2] io_uring resource handling fixes Pavel Begunkov
  2022-04-06 11:43 ` [PATCH 1/2] io_uring: nospec index for tags on files update Pavel Begunkov
  2022-04-06 11:43 ` [PATCH 2/2] io_uring: don't touch scm_fp_list after queueing skb Pavel Begunkov
@ 2022-04-06 12:47 ` Jens Axboe
  2 siblings, 0 replies; 4+ messages in thread
From: Jens Axboe @ 2022-04-06 12:47 UTC (permalink / raw)
  To: Pavel Begunkov, io-uring

On 4/6/22 5:43 AM, Pavel Begunkov wrote:
> Two small fixes for rsrc infrastructure
> 
> Pavel Begunkov (2):
>   io_uring: nospec index for tags on files update
>   io_uring: don't touch scm_fp_list after queueing skb
> 
>  fs/io_uring.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)

Thanks, applied.

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-04-06 15:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-06 11:43 [PATCH 0/2] io_uring resource handling fixes Pavel Begunkov
2022-04-06 11:43 ` [PATCH 1/2] io_uring: nospec index for tags on files update Pavel Begunkov
2022-04-06 11:43 ` [PATCH 2/2] io_uring: don't touch scm_fp_list after queueing skb Pavel Begunkov
2022-04-06 12:47 ` [PATCH 0/2] io_uring resource handling fixes Jens Axboe

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.