Re: [PATCH v4 1/2] fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/4/24 11:10, Eric Biggers wrote:
If I understand correctly, this patch is supposed to fix a memory safety bug
when kiocb_set_cancel_fn() is called on a kiocb that is owned by io_uring
instead of legacy AIO.  However, the kiocb still gets accessed as an aio_kiocb
at the very beginning of the function, so it's still broken:

	struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw);
	struct kioctx *ctx = req->ki_ctx;

Hi Eric,

Thanks for having reported this. I agree that this needs to be fixed.

I'm also wondering why "ignore" is the right fix.  The USB gadget driver sees
that it has asynchronous I/O (kiocb::ki_complete != NULL) and then tries to set
a cancellation function.  What is the expected behavior when the I/O is owned by
io_uring?  Should it perhaps call into io_uring to set a cancellation function
with io_uring?  Or is the concept of cancellation functions indeed specific to
legacy AIO, and nothing should be done with io_uring I/O?

As far as I know no Linux user space interface for submitting I/O supports cancellation of read or write requests other than the AIO
io_cancel() system call.

It would make it easier to maintain the kernel if I/O cancellation
support would be removed. However, there is existing user space code
that depends on USB I/O cancellation so I'm not sure how to proceed to remove AIO io_cancel() support from the kernel.

Thanks,

Bart.




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux