On 7/15/23 8:06 AM, Jens Axboe wrote: > On 7/15/23 1:12 AM, Arnd Bergmann wrote: >> On Fri, Jul 14, 2023, at 22:14, Jens Axboe wrote: >>> On 7/14/23 12:33 PM, Arnd Bergmann wrote: >>>> On Fri, Jul 14, 2023, at 17:47, Christian Brauner wrote: >>>>> On Tue, Jul 11, 2023 at 04:18:13PM -0600, Jens Axboe wrote: >>>>>>>> Does this require argument conversion for compat tasks? >>>>>>>> >>>>>>>> Even without the rusage argument, I think the siginfo >>>>>>>> remains incompatible with 32-bit tasks, unfortunately. >>>>>>> >>>>>>> Hmm yes good point, if compat_siginfo and siginfo are different, then it >>>>>>> does need handling for that. Would be a trivial addition, I'll make that >>>>>>> change. Thanks Arnd! >>>>>> >>>>>> Should be fixed in the current version: >>>>>> >>>>>> https://git.kernel.dk/cgit/linux/commit/?h=io_uring-waitid&id=08f3dc9b7cedbd20c0f215f25c9a7814c6c601cc >>>>> >>>>> In kernel/signal.c in pidfd_send_signal() we have >>>>> copy_siginfo_from_user_any() it seems that a similar version >>>>> copy_siginfo_to_user_any() might be something to consider. We do have >>>>> copy_siginfo_to_user32() and copy_siginfo_to_user(). But I may lack >>>>> context why this wouldn't work here. >>>> >>>> We could add a copy_siginfo_to_user_any(), but I think open-coding >>>> it is easier here, since the in_compat_syscall() check does not >>>> work inside of the io_uring kernel thread, it has to be >>>> "if (req->ctx->compat)" in order to match the wordsize of the task >>>> that started the request. >>> >>> Yeah, unifying this stuff did cross my mind when adding another one. >>> Which I think could still be done, you'd just need to pass in a 'compat' >>> parameter similar to how it's done for iovec importing. >>> >>> But if it's ok with everybody I'd rather do that as a cleanup post this. >> >> Sure, keeping that separate seem best. 
>> >> Looking at what copy_siginfo_from_user_any() actually does, I don't >> even think it's worth adapting copy_siginfo_to_user_any() for io_uring, >> since it's already just a trivial wrapper, and adding another >> argument would add more complexity overall than it saves. > > Yeah, took a look too this morning, and not sure there's much to reduce > here that would make it cleaner. I'm going to send out a v2 with this > unchanged, holler if people disagree. One thing we could do is the below, but honestly not sure it's worth the hassle? diff --git a/io_uring/waitid.c b/io_uring/waitid.c index 14ffa07e161a..6de1041c4784 100644 --- a/io_uring/waitid.c +++ b/io_uring/waitid.c @@ -43,6 +43,8 @@ static bool io_waitid_compat_copy_si(struct io_waitid *iw, int signo) bool ret; infop = (struct compat_siginfo __user *) iw->infop; + if (!infop) + return true; if (!user_write_access_begin(infop, sizeof(*infop))) return false; @@ -66,32 +68,13 @@ static bool io_waitid_compat_copy_si(struct io_waitid *iw, int signo) static bool io_waitid_copy_si(struct io_kiocb *req, int signo) { struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid); - bool ret; - - if (!iw->infop) - return true; #ifdef CONFIG_COMPAT if (req->ctx->compat) return io_waitid_compat_copy_si(iw, signo); #endif - if (!user_write_access_begin(iw->infop, sizeof(*iw->infop))) - return false; - - unsafe_put_user(signo, &iw->infop->si_signo, Efault); - unsafe_put_user(0, &iw->infop->si_errno, Efault); - unsafe_put_user(iw->info.cause, &iw->infop->si_code, Efault); - unsafe_put_user(iw->info.pid, &iw->infop->si_pid, Efault); - unsafe_put_user(iw->info.uid, &iw->infop->si_uid, Efault); - unsafe_put_user(iw->info.status, &iw->infop->si_status, Efault); - ret = true; -done: - user_write_access_end(); - return ret; -Efault: - ret = false; - goto done; + return siginfo_put_user(iw->infop, &iw->info, signo); } static int io_waitid_finish(struct io_kiocb *req, int ret) 
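Review bot: Removing the `if (!iw->infop) return true;` early-out from io_waitid_copy_si() splits the NULL user-pointer rule across two helpers: io_waitid_compat_copy_si() (first hunk) and siginfo_put_user() in kernel/exit.c now each need their own check, and the compat and native paths only agree while both keep it. Keeping the single check in the caller, ahead of the `#ifdef CONFIG_COMPAT` block, would make the first hunk unnecessary and leave the "no infop, nothing to copy" decision in one place. The tail call `return siginfo_put_user(iw->infop, &iw->info, signo);` does follow the helper's true-on-success convention; a one-line comment above io_waitid_copy_si() such as `/* true on success or when no siginfo was requested, false on fault */` would record that. io_waitid_finish() begins after this hunk, so how the result is consumed is not visible here.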
diff --git a/kernel/exit.c b/kernel/exit.c index 1c9d1cbadcd0..e3a0b6699a23 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -1723,6 +1723,28 @@ static long kernel_waitid(int which, pid_t upid, struct waitid_info *infop, return ret; } +bool siginfo_put_user(struct siginfo __user *infop, struct waitid_info *wi, + int signo) +{ + if (!infop) + return true; + + if (!user_write_access_begin(infop, sizeof(*infop))) + return false; + + unsafe_put_user(signo, &infop->si_signo, Efault); + unsafe_put_user(0, &infop->si_errno, Efault); + unsafe_put_user(wi->cause, &infop->si_code, Efault); + unsafe_put_user(wi->pid, &infop->si_pid, Efault); + unsafe_put_user(wi->uid, &infop->si_uid, Efault); + unsafe_put_user(wi->status, &infop->si_status, Efault); + user_write_access_end(); + return true; +Efault: + user_write_access_end(); + return false; +} + SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *, infop, int, options, struct rusage __user *, ru) { @@ -1737,23 +1759,9 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *, if (ru && copy_to_user(ru, &r, sizeof(struct rusage))) return -EFAULT; } - if (!infop) - return err; - - if (!user_write_access_begin(infop, sizeof(*infop))) + if (siginfo_put_user(infop, &info, signo)) return -EFAULT; - - unsafe_put_user(signo, &infop->si_signo, Efault); - unsafe_put_user(0, &infop->si_errno, Efault); - unsafe_put_user(info.cause, &infop->si_code, Efault); - unsafe_put_user(info.pid, &infop->si_pid, Efault); - unsafe_put_user(info.uid, &infop->si_uid, Efault); - unsafe_put_user(info.status, &infop->si_status, Efault); - user_write_access_end(); return err; -Efault: - user_write_access_end(); - return -EFAULT; } long kernel_wait4(pid_t upid, int __user *stat_addr, int options, diff --git a/kernel/exit.h b/kernel/exit.h index f10207ba1341..b7e0e32133fa 100644 --- a/kernel/exit.h +++ b/kernel/exit.h 
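Review bot: siginfo_put_user() is a new non-static helper that reports its result as a bool in a file that otherwise returns 0/-errno, and nothing in the added function states which value means success. A short kernel-doc comment saying it returns true when the siginfo fields were written or when infop is NULL, and false when the user-space write faulted, would make the contract explicit for both callers. `wi` is only read, so the parameter can be `const struct waitid_info *wi` here and in the kernel/exit.h prototype. Both exit paths call user_write_access_end(), so the user-access window is closed on success and on the Efault path.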
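Review bot: The new call in SYSCALL_DEFINE5(waitid) tests the helper with the wrong polarity: siginfo_put_user() returns true on success (and for a NULL infop) and false on a fault, so `if (siginfo_put_user(infop, &info, signo)) return -EFAULT;` fails every successful copy and returns err when the write to user space actually faulted. The check should be `if (!siginfo_put_user(infop, &info, signo))`. The removed lines returned err for a NULL infop and reached -EFAULT only through the Efault label, and the io_uring caller passes the bool straight through, so only this call site is affected. The syscall body begins outside the hunk.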
@@ -27,4 +27,6 @@ long __do_wait(struct wait_opts *wo); int kernel_waitid_prepare(struct wait_opts *wo, int which, pid_t upid, struct waitid_info *infop, int options, struct rusage *ru, unsigned int *f_flags); +bool siginfo_put_user(struct siginfo __user *infop, struct waitid_info *wi, + int signo); #endif -- Jens Axboe