Hi all, I've recently been reviewing the just merged io_uring support for passing PI and metadata from userspace and reconciling it with my fs PI design notes and prototype. One thing that I noticed is that for PI passed form userspace the kernel never verifies that the guard and ref tag match what we'd expect. I.e. if userspace passes incorrect information it can trigger a command failure and thus the driver error handler, which is something we don't usually allow for "regular" I/O. Definitively not on files but in general also not on the block device special files. Also a "random" reftag could cause some interesting integer overflows when partition (or later file offset) remapping. Shouldn't the kernel do verification of the guard/ref tags on writes with PI data? Also another thing is that right now the holder of a path or fd has no idea what metadata it is supposed to pass. For block device special files find the right sysfs directory is relatively straight forward (but still annoying), but one a file is on a file systems that becomes impossible. I think we'll need an ioctl that exposes the equivalent of the integrity sysfs directory to make this usable by applications.
