On 1/29/2020 4:56 PM, Stefan Metzmacher wrote: >>> However I think there're a few things to improve/simplify. >> Since 5.6 is already semi-open, it'd be great to have an incremental >> patch for that. I'll retoss things as usual, if nobody do it before. > > I'll wait for comments from Jens first:-) > I guess we'll have things changed in his branch, when I wake up > tomorrow. Otherwise I can also create patches and submit them. Sure, I won't get there any time soon. > > But I currently don't have an environment where I can do runtime tests > with it. > >>>> https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.6/io_uring-vfs&id=a26d26412e1e1783473f9dc8f030c3af3d54b1a6 >>> >>> In fs/io_uring.c mmgrab() and get_current_cred() are used together in >>> two places, why is put_cred() called in __io_req_aux_free while >>> mmdrop() is called from io_put_work(). I think both should be called >>> in io_put_work(), that makes the code much easier to understand. >>> >>> My guess is that you choose __io_req_aux_free() for put_cred() because >>> of the following patches, but I'll explain on the other commit >>> why it's not needed. >>> >>>> https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.6/io_uring-vfs&id=d9db233adf034bd7855ba06190525e10a05868be >>> >>> A minor one would be starting with 1 instead of 0 and using >>> idr_alloc_cyclic() in order to avoid immediate reuse of ids. >>> That way we could include the id in the tracing message and >>> 0 would mean the current creds were used. >>> >>>> +static int io_remove_personalities(int id, void *p, void *data) >>>> +{ >>>> + struct io_ring_ctx *ctx = data; >>>> + >>>> + idr_remove(&ctx->personality_idr, id); >>> >>> Here we need something like: >>> put_creds((const struct cred *)p); >> >> Good catch >> >>> >>>> + return 0; >>>> +} >>> >>> >>> The io_uring_register() calles would look like this, correct? >>> >>> id = io_uring_register(ring_fd, IORING_REGISTER_PERSONALITY, NULL, 0); >>> io_uring_register(ring_fd, IORING_UNREGISTER_PERSONALITY, NULL, id); >>> >>>> https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.6/io_uring-vfs&id=eec9e69e0ad9ad364e1b6a5dfc52ad576afee235 >>>> + >>>> + if (sqe_flags & IOSQE_PERSONALITY) { >>>> + int id = READ_ONCE(sqe->personality); >>>> + >>>> + req->work.creds = idr_find(&ctx->personality_idr, id); >>>> + if (unlikely(!req->work.creds)) { >>>> + ret = -EINVAL; >>>> + goto err_req; >>>> + } >>>> + get_cred(req->work.creds);> + old_creds = override_creds(req->work.creds); >>>> + } >>>> + >>> >>> Here we could use a helper variable >>> const struct cred *personality_creds; >>> and leave req->work.creds as NULL. >>> It means we can avoid the explicit get_cred() call >>> and can skip the following hunk too: >>> >>>> @@ -3977,7 +3977,8 @@ static int io_req_defer_prep(struct io_kiocb *req, >>>> mmgrab(current->mm); >>>> req->work.mm = current->mm; >>>> } >>>> - req->work.creds = get_current_cred(); >>>> + if (!req->work.creds) >>>> + req->work.creds = get_current_cred(); >>>> >>>> switch (req->opcode) { >>>> case IORING_OP_NOP: >>> >>> The override_creds(personality_creds) has changed current->cred >>> and get_current_cred() will just pick it up as in the default case. >>> >>> This would make the patch much simpler and allows put_cred() to be >>> in io_put_work() instead of __io_req_aux_free() as explained above. >>> >> >> It's one extra get_current_cred(). I'd prefer to find another way to >> clean this up. > > As far as I can see it avoids a get_cred() in the IOSQE_PERSONALITY case > and the if (!req->work.creds) for both cases. Great, that you turned attention to that! override_creds() is already grabbing a ref, so it shouldn't call get_cred() there. So, that's a bug. It could be I'm wrong with the statement above, need to recheck all this code to be sure. BTW, io_req_defer_prep() may be called twice for a req, so you will reassign it without putting a ref. It's safer to leave NULL checks. At least, until I've done reworking and fixing preparation paths. > > What do you mean exactly with one extra get_current_cred()? > Is that any worse than calling get_cred() and having an if check? > > It also seems to avoid req->work.creds from being filled at all > for the non-blocking case. > > metze > -- Pavel Begunkov
