From: Jeff Moyer <jmoyer@redhat.com>
To: Subramanya Swamy <subramanya.swamy.linux@gmail.com>
Cc: corbet@lwn.net, axboe@kernel.dk, asml.silence@gmail.com,
ribalda@chromium.org, rostedt@goodmis.org, bhe@redhat.com,
akpm@linux-foundation.org, matteorizzo@google.com,
ardb@kernel.org, alexghiti@rivosinc.com,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
io-uring@vger.kernel.org
Subject: Re: [PATCH] iouring:added boundary value check for io_uring_group systl
Date: Tue, 16 Jan 2024 12:46:13 -0500 [thread overview]
Message-ID: <x49edeh5fyy.fsf@segfault.usersys.redhat.com> (raw)
In-Reply-To: 20240115124925.1735-1-subramanya.swamy.linux@gmail.com
Subramanya Swamy <subramanya.swamy.linux@gmail.com> writes:
> /proc/sys/kernel/io_uring_group takes gid as input
> added boundary value check to accept gid in range of
> 0<=gid<=4294967294 & Documentation is updated for same
Thanks for the patch. You're right, the current code artificially
limits the maximum group id.
> Signed-off-by: Subramanya Swamy <subramanya.swamy.linux@gmail.com>
> ---
> Documentation/admin-guide/sysctl/kernel.rst | 9 ++++-----
> io_uring/io_uring.c | 8 ++++++--
> 2 files changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
> index 6584a1f9bfe3..3f96007aa971 100644
> --- a/Documentation/admin-guide/sysctl/kernel.rst
> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> @@ -469,11 +469,10 @@ shrinks the kernel's attack surface.
> io_uring_group
> ==============
>
> -When io_uring_disabled is set to 1, a process must either be
> -privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
> -to create an io_uring instance. If io_uring_group is set to -1 (the
> -default), only processes with the CAP_SYS_ADMIN capability may create
> -io_uring instances.
> +When io_uring_disabled is set to 1, only processes with the
> +CAP_SYS_ADMIN may create io_uring instances or process must be in the
> +io_uring_group group in order to create an io_uring_instance.
> +io_uring_group is set to 0.This is the default setting.
You are changing the default from an invalid group to the root group. I
guess that's ok, but I'd rather keep it the way it is. The text is a
bit repetitive. Why not just this?
"When io_uring_disabled is set to 1, a process must either be
privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
to create an io_uring instance."
> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> index 09b6d860deba..0ed91b69643d 100644
> --- a/io_uring/io_uring.c
> +++ b/io_uring/io_uring.c
> @@ -146,7 +146,9 @@ static void io_queue_sqe(struct io_kiocb *req);
> struct kmem_cache *req_cachep;
>
> static int __read_mostly sysctl_io_uring_disabled;
> -static int __read_mostly sysctl_io_uring_group = -1;
> +static unsigned int __read_mostly sysctl_io_uring_group;
> +static unsigned int min_gid;
> +static unsigned int max_gid = 4294967294; /*4294967294 is the max guid*/
Right, INVALID_GID is -1.
> #ifdef CONFIG_SYSCTL
> static struct ctl_table kernel_io_uring_disabled_table[] = {
> @@ -164,7 +166,9 @@ static struct ctl_table kernel_io_uring_disabled_table[] = {
> .data = &sysctl_io_uring_group,
> .maxlen = sizeof(gid_t),
> .mode = 0644,
> - .proc_handler = proc_dointvec,
> + .proc_handler = proc_douintvec_minmax,
> + .extra1 = &min_gid,
This should be SYSCTL_ZERO.
> + .extra2 = &max_gid,
> },
> {},
> };
Thanks!
Jeff
next prev parent reply other threads:[~2024-01-16 17:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-15 12:49 [PATCH] iouring:added boundary value check for io_uring_group systl Subramanya Swamy
2024-01-16 17:46 ` Jeff Moyer [this message]
2024-01-20 14:09 ` Subramanya Swamy
2024-01-16 21:26 ` kernel test robot
2024-01-16 21:32 ` Jens Axboe
2024-01-20 14:09 ` Subramanya Swamy
2024-01-20 12:13 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=x49edeh5fyy.fsf@segfault.usersys.redhat.com \
--to=jmoyer@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=alexghiti@rivosinc.com \
--cc=ardb@kernel.org \
--cc=asml.silence@gmail.com \
--cc=axboe@kernel.dk \
--cc=bhe@redhat.com \
--cc=corbet@lwn.net \
--cc=io-uring@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matteorizzo@google.com \
--cc=ribalda@chromium.org \
--cc=rostedt@goodmis.org \
--cc=subramanya.swamy.linux@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.