On Thu, Jan 23, 2025 at 1:32 AM Jens Axboe <axboe@xxxxxxxxx> wrote: > io_uring_cmd_sock() does a read of cmd->sqe->cmd_op, which may look > like it's the userspace shared SQE, but it's a copy at this point. > Use cmd->cmd_op rather than dip into the allocated SQE copy - it's > both simpler and faster and leaves less room for confusion. > > Link: https://lore.kernel.org/r/20250121-uring-sockcmd-fix-v1-1-add742802a29@xxxxxxxxxx > Signed-off-by: Jens Axboe <axboe@xxxxxxxxx> > > --- > > diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c > index fc94c465a985..3993c9339ac7 100644 > --- a/io_uring/uring_cmd.c > +++ b/io_uring/uring_cmd.c > @@ -350,7 +350,7 @@ int io_uring_cmd_sock(struct io_uring_cmd *cmd, unsigned int issue_flags) > if (!prot || !prot->ioctl) > return -EOPNOTSUPP; > > - switch (cmd->sqe->cmd_op) { > + switch (cmd->cmd_op) { Ah, yeah, this does look better than the READ_ONCE() I suggested.
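Review bot: the hunk's correctness rests on `cmd->cmd_op` already holding the value copied out of the SQE by the time `io_uring_cmd_sock()` runs; the hunk itself only shows the consumer (`- switch (cmd->sqe->cmd_op) {` becoming `+ switch (cmd->cmd_op) {`), so the one thing to confirm before merging is that the prep path (`io_uring_cmd_prep()`) populates `cmd->cmd_op` from the SQE for every opcode that can reach this switch. Assuming it does, the change is the right direction for the reason the reply alludes to: even though `cmd->sqe` is a private copy here, a raw `cmd->sqe->cmd_op` dereference reads like a second fetch from user-shared memory, which is exactly the pattern a reviewer would otherwise want guarded with `READ_ONCE()` to rule out a double-fetch. Switching on the field captured once at prep time removes that ambiguity, so no `READ_ONCE()` is needed and the intent is clear from the code alone. A one-line comment above the `switch` noting that `cmd_op` was snapshotted at prep would save the next reader the same question.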