From: Ming Lei <ming.lei@redhat.com>
To: Caleb Sander Mateos <csander@purestorage.com>
Cc: Jens Axboe <axboe@kernel.dk>,
io-uring@vger.kernel.org, Keith Busch <kbusch@kernel.org>
Subject: Re: [PATCH] io_uring: zero remained bytes when reading to fixed kernel buffer
Date: Sun, 23 Mar 2025 08:08:29 +0800 [thread overview]
Message-ID: <Z99Q_RQob_GBe8WO@fedora> (raw)
In-Reply-To: <CADUfDZp2TwVuLW+s+WEPOy=gHE8R7-JWEtxZhbmVeRy6CrGh6g@mail.gmail.com>
On Sat, Mar 22, 2025 at 11:10:23AM -0700, Caleb Sander Mateos wrote:
> On Sat, Mar 22, 2025 at 12:56 AM Ming Lei <ming.lei@redhat.com> wrote:
> >
> > So far fixed kernel buffer is only used for FS read/write, in which
> > the remained bytes need to be zeroed in case of short read, otherwise
> > kernel data may be leaked to userspace.
>
> I'm not sure I have all the background to understand whether kernel
> data can be leaked through ublk requests, but I share Pavel and
> Keith's questions about whether this scenario is even possible. If it
> is possible, I don't think this patch would cover all the affected
> cases:
> - Registered ublk buffers can be used with any io_uring operation, not
> just read/write. Wouldn't the same issue apply when using the ublk
> buffer with, say, a socket recv or an NVMe passthru operation?
IORING_RECVSEND_FIXED_BUF isn't handled for recv yet, so looks socket recv
isn't enabled...
> - Wouldn't the same issue apply if the ublk server completes a ublk
> read request without performing any I/O (zero-copy or not) to read
> data into its buffer?
Yes, it needs ublk zc server implementation to be trusted, and ublk zc
can't work in unprivileted mode.
For non-zc, no such risk because request buffer is filled with user data.
Thanks,
Ming
next prev parent reply other threads:[~2025-03-23 0:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-22 7:56 [PATCH] io_uring: zero remained bytes when reading to fixed kernel buffer Ming Lei
2025-03-22 12:02 ` Pavel Begunkov
2025-03-22 13:50 ` Ming Lei
2025-03-22 17:52 ` Keith Busch
2025-03-22 18:21 ` Pavel Begunkov
2025-03-22 23:58 ` Ming Lei
2025-03-22 18:15 ` Pavel Begunkov
2025-03-22 18:10 ` Caleb Sander Mateos
2025-03-23 0:08 ` Ming Lei [this message]
2025-03-23 15:55 ` Caleb Sander Mateos
2025-03-24 0:26 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z99Q_RQob_GBe8WO@fedora \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=csander@purestorage.com \
--cc=io-uring@vger.kernel.org \
--cc=kbusch@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.