On Thu, May 07, 2020 at 02:53:30PM -0600, Jens Axboe wrote:
> I think the patch is correct as-is, I took a good look at how we're currently handling it. None of those three ops should fiddle with the fd at all, and all of them do forbid the use of fixed files (the descriptor table look-alikes), so that part is fine, too.
>
> There's some low hanging fruit around optimizing and improving it, I'm including an updated version below. Max, can you double check with your testing?

<looks>

Could you explain WTF is io_issue_sqe() doing in case of IORING_OP_CLOSE?
Specifically, what is the value of

	req->close.fd = READ_ONCE(sqe->fd);
	if (req->file->f_op == &io_uring_fops ||
	    req->close.fd == req->ctx->ring_fd)
		return -EBADF;

in io_close_prep()? And what does happen if some joker does dup2() of something with io_uring_fops into our slot right after that check? Before the subsequent

	ret = __close_fd_get_file(req->close.fd, &req->close.put_file);

that is.
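
The check-then-use window asked about above, as an added example that is not part of the original mail and is not kernel code. It is a single-threaded toy model: the table, the hook standing in for a concurrent dup2(), and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy model, constructed for this example: slots of a descriptor table
 * point at files; RING stands in for a file that has io_uring_fops. */
struct file { int is_ring; };
static struct file RING = { 1 }, PLAIN = { 0 };
static struct file *table[4];
typedef void (*race_hook)(int fd);

/* Stand-in for another thread calling dup2() between check and use. */
static void dup2_ring_into(int fd) { table[fd] = &RING; }

/* Detach whatever occupies the slot right now and return it. */
static struct file *detach(int fd) {
    struct file *f = table[fd];
    table[fd] = NULL;
    return f;
}

/* Check early by slot, act later by slot number: the check and the close
 * can see two different files. Returns the file that was closed. */
static struct file *close_check_then_use(int fd, race_hook hook) {
    if (!table[fd] || table[fd]->is_ring)
        return NULL;            /* refused, -EBADF in the quoted code */
    if (hook) hook(fd);         /* window between prep and issue */
    return detach(fd);
}

/* Resolve once, then check the object that was resolved. A real table
 * would hold its lock across detach, check and restore. */
static struct file *close_resolve_then_check(int fd, race_hook hook) {
    if (hook) hook(fd);         /* same interleaving as above */
    struct file *f = detach(fd);
    if (f && f->is_ring) {
        table[fd] = f;          /* put it back and refuse */
        return NULL;
    }
    return f;
}

/* 1 if the ring file was closed although the slot passed the check. */
static int ring_was_closed(struct file *(*closer)(int, race_hook)) {
    table[3] = &PLAIN;
    return closer(3, dup2_ring_into) == &RING;
}

int main(void) {
    printf("check-then-use: %d, resolve-then-check: %d\n",
           ring_was_closed(close_check_then_use),
           ring_was_closed(close_resolve_then_check));
    return 0;
}
```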