From: Pavel Begunkov <asml.silence@gmail.com>
To: Gabriel Krisman Bertazi <krisman@suse.de>, axboe@kernel.dk
Cc: io-uring@vger.kernel.org, josh@joshtriplett.org
Subject: Re: [PATCH RFC 6/9] io_uring: Let commands run with current credentials
Date: Wed, 11 Dec 2024 14:48:26 +0000 [thread overview]
Message-ID: <39ba714b-c745-4fac-963b-822f55bbaf69@gmail.com> (raw)
In-Reply-To: <20241209234316.4132786-7-krisman@suse.de>
On 12/9/24 23:43, Gabriel Krisman Bertazi wrote:
> IORING_OP_EXEC runs only from a custom handler and cannot rely on
> overloaded credentials. This commit adds infrastructure to allow running
> operations without overloading the credentials, i.e. not enabling the
> REQ_F_CREDS flag.
>
> Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de>
> ---
> io_uring/io_uring.c | 2 +-
> io_uring/opdef.h | 2 ++
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> index a19f72755eaa..0fd8709401fc 100644
> --- a/io_uring/io_uring.c
> +++ b/io_uring/io_uring.c
> @@ -457,7 +457,7 @@ static void io_prep_async_work(struct io_kiocb *req)
> const struct io_issue_def *def = &io_issue_defs[req->opcode];
> struct io_ring_ctx *ctx = req->ctx;
>
> - if (!(req->flags & REQ_F_CREDS)) {
> + if (!(req->flags & REQ_F_CREDS) && !def->ignore_creds)
It's not the only place setting creds, see io_init_req().
--
Pavel Begunkov
next prev parent reply other threads:[~2024-12-11 14:47 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-09 23:43 [PATCH RFC 0/9] Launching processes with io_uring Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 1/9] io_uring: Drop __io_req_find_next_prep Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 2/9] io_uring: Expose failed request helper in internal header Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 3/9] kernel/fork: Don't inherit PF_USER_WORKER from parent Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 4/9] fs/exec: Expose do_execveat symbol Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 5/9] kernel/fork: Add helper to fork from io_uring Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 6/9] io_uring: Let commands run with current credentials Gabriel Krisman Bertazi
2024-12-11 14:48 ` Pavel Begunkov [this message]
2024-12-09 23:43 ` [PATCH RFC 7/9] io_uring: Introduce IORING_OP_CLONE Gabriel Krisman Bertazi
2024-12-11 13:37 ` Pavel Begunkov
2024-12-11 17:26 ` Josh Triplett
2024-12-17 11:03 ` Pavel Begunkov
2024-12-17 19:14 ` Josh Triplett
2024-12-09 23:43 ` [PATCH RFC 8/9] io_uring: Let ->issue know if it was called from spawn thread Gabriel Krisman Bertazi
2024-12-09 23:43 ` [PATCH RFC 9/9] io_uring: Introduce IORING_OP_EXEC command Gabriel Krisman Bertazi
2024-12-10 21:01 ` Josh Triplett
2024-12-10 21:10 ` [PATCH RFC 0/9] Launching processes with io_uring Josh Triplett
2024-12-11 14:02 ` Pavel Begunkov
2024-12-11 17:34 ` Josh Triplett
2024-12-13 20:13 ` Gabriel Krisman Bertazi
2024-12-17 16:10 ` Pavel Begunkov
2024-12-30 23:38 ` Gabriel Krisman Bertazi
2024-12-31 14:35 ` Pavel Begunkov
2025-01-18 22:33 ` Askar Safin
2025-01-19 3:04 ` Pavel Begunkov
2025-01-22 23:49 ` Askar Safin
2025-01-23 0:31 ` Pavel Begunkov
2025-01-23 1:10 ` Pavel Begunkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39ba714b-c745-4fac-963b-822f55bbaf69@gmail.com \
--to=asml.silence@gmail.com \
--cc=axboe@kernel.dk \
--cc=io-uring@vger.kernel.org \
--cc=josh@joshtriplett.org \
--cc=krisman@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.