On 3/4/22 02:19, Jens Axboe wrote:
On 3/3/22 6:52 PM, Pavel Begunkov wrote:
On 3/3/22 16:31, Jens Axboe wrote:
On 3/3/22 7:40 AM, Jens Axboe wrote:
On 3/3/22 7:36 AM, Jens Axboe wrote:
[...]
diff --git a/fs/io_uring.c b/fs/io_uring.c
index ad3e0b0ab3b9..8a1f97054b71 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
[...]
static void *io_uring_validate_mmap_request(struct file *file,
loff_t pgoff, size_t sz)
{
@@ -10191,12 +10266,23 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
io_run_task_work();
if (unlikely(flags & ~(IORING_ENTER_GETEVENTS | IORING_ENTER_SQ_WAKEUP |
- IORING_ENTER_SQ_WAIT | IORING_ENTER_EXT_ARG)))
+ IORING_ENTER_SQ_WAIT | IORING_ENTER_EXT_ARG |
+ IORING_ENTER_REGISTERED_RING)))
return -EINVAL;
- f = fdget(fd);
- if (unlikely(!f.file))
- return -EBADF;
+ if (flags & IORING_ENTER_REGISTERED_RING) {
+ struct io_uring_task *tctx = current->io_uring;
+
+ if (fd >= IO_RINGFD_REG_MAX || !tctx)
+ return -EINVAL;
+ f.file = tctx->registered_rings[fd];
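Review bot: In the IORING_ENTER_REGISTERED_RING branch, fd comes straight from the syscall argument and indexes tctx->registered_rings[fd] immediately after the fd >= IO_RINGFD_REG_MAX check, with nothing constraining the index on a mispredicted path. Clamp it between the check and the load, e.g. `fd = array_index_nospec(fd, IO_RINGFD_REG_MAX);`. The removed lines also rejected a NULL f.file with -EBADF; the visible part of the new branch ends at the load, so an unregistered slot needs the same check before f.file is used.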
btw, array_index_nospec(), possibly not only here.
Yeah, was thinking that earlier too in fact but forgot about it. Might
as well, though I don't think it's strictly required as it isn't a user
table.
I may have missed in what cases it's used, but shouldn't it be
in all cases when we use a user-passed index for array addressing?
E.g. to protect from pre-caching a chunk of memory computed from
an out-of-array malevolent index.
I just don't see any relevant difference from normal file tables.
--
Pavel Begunkov
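
The clamp discussed in this thread, as an added userspace example (not code from the patch, the thread or the kernel tree): a branch-free index mask modelled on the generic one behind array_index_nospec(), applied between the bounds check and the table load. `task_ctx`, `lookup_registered`, `index_nospec`, `index_mask_nospec` and the table size are hypothetical stand-ins, and the -EBADF for an empty slot is an assumption.

```c
#include <errno.h>
#include <stdio.h>

#define RINGFD_REG_MAX 16 /* constructed size, stands in for IO_RINGFD_REG_MAX */

/* Hypothetical stand-in for the per-task table in the patch. */
struct task_ctx { void *registered[RINGFD_REG_MAX]; };

/*
 * Branch-free mask: all ones if index < size, zero otherwise.
 * Assumes size <= LONG_MAX and an arithmetic right shift of negative
 * values (true for gcc and clang).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Keep the compiler from proving the mask redundant and dropping it. */
    __asm__("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >>
                           (sizeof(long) * 8 - 1));
}

/* Clamp: in-range indexes pass through, out-of-range ones become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Returns 0 and stores the slot in *out, or a negative errno. */
static int lookup_registered(struct task_ctx *tctx, unsigned int fd, void **out)
{
    if (!tctx || fd >= RINGFD_REG_MAX)
        return -EINVAL;
    /* The check above is architectural only; clamp for the speculative path. */
    fd = (unsigned int)index_nospec(fd, RINGFD_REG_MAX);
    *out = tctx->registered[fd];
    return *out ? 0 : -EBADF; /* empty slot, assumed to mirror the old fdget() path */
}

int main(void)
{
    static int ring; /* constructed object standing in for a struct file */
    struct task_ctx t = { { 0 } };
    void *f = NULL;
    t.registered[3] = &ring;
    printf("fd 3  -> %d\n", lookup_registered(&t, 3, &f));
    printf("fd 16 -> %d\n", lookup_registered(&t, 16, &f));
    printf("clamp(1000) = %lu\n", index_nospec(1000, RINGFD_REG_MAX));
    return 0;
}
```

Because the mask is computed from the index by data dependency rather than by a branch, the load address stays inside the table even when the preceding bounds check is mispredicted.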