On 2/21/20 12:10 PM, Jens Axboe wrote: >> Got it. Then, it may happen in the future after returning from >> __io_arm_poll_handler() and io_uring_enter(). And by that time io_submit_sqes() >> should have already restored creds (i.e. personality stuff) on the way back. >> This might be a problem. > > Not sure I follow, can you elaborate? Just to be sure, the requests that > go through the poll handler will go through __io_queue_sqe() again. Oh I > guess your point is that that is one level below where we normally > assign the creds. Fixed this one. >> BTW, Is it by design, that all requests of a link use personality creds >> specified in the head's sqe? > > No, I think that's more by accident. We should make sure they use the > specified creds, regardless of the issue time. Care to clean that up? > Would probably help get it right for the poll case, too. Took a look at this, and I think you're wrong. Every iteration of io_submit_sqe() will lookup the right creds, and assign them to the current task in case we're going to issue it. In the case of a link where we already have the head, then we grab the current work environment. This means assigning req->work.creds from get_current_cred(), if not set, and these are the credentials we looked up already. -- Jens Axboe
