From patchwork Tue Jan 21 16:09:59 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jann Horn <jannh@google.com>
X-Patchwork-Id: 13946444
Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com
 [209.85.128.45])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 615781741D2
	for <io-uring@vger.kernel.org>; Tue, 21 Jan 2025 16:10:06 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.45
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1737475809; cv=none;
 b=dT8gkHq1kV6RRn8+Zjy9uSKx68Y/vzRPE02QrMGp2xWRe8g4DbxEzGdLssmdV57H/zn35aS/18MDz/nkzCkX7gTCLyNGSwKcz8918LYRdM98P4AwETUMiujGQ6HfH95NzosWAuiItn1XxyjTkKd6kQsbeWGuIvjVy/bAuzf2L3Y=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1737475809; c=relaxed/simple;
	bh=pEyoQvQWT6idVibEeyq1Yg7Ofbc/zFY8E1cz2BUMuKM=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc;
 b=L9MbTofzlqVQtyQ+E7Ar1Nr/1uQvtZ7c5bpHFtjlFXbp/dzkimRHHsguCv3tm600DWHReAhEoRatuV1GbxT8ng9pf6jIJoFCZx4P79TqqTw/h1sgPJfLk6PvhEWewscpQZpx8++1mkTC7NJTSVKtSB7U3Lt7kuM4D6ownsl/5KQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=JQFYor58; arc=none smtp.client-ip=209.85.128.45
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="JQFYor58"
Received: by mail-wm1-f45.google.com with SMTP id
 5b1f17b1804b1-435b0df5dbdso139565e9.0
        for <io-uring@vger.kernel.org>; Tue, 21 Jan 2025 08:10:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1737475805; x=1738080605;
 darn=vger.kernel.org;
        h=cc:to:message-id:content-transfer-encoding:mime-version:subject
         :date:from:from:to:cc:subject:date:message-id:reply-to;
        bh=A5EzkxHuBI8yDHTyPXO5W+a90sGmWcj3zVI9ThOaO6g=;
        b=JQFYor586rYOm73fO96mCrAc/uEmFKRAvO0MQ/JiXN8UI1Qn+StZJq6LLy7j+U0tfe
         JQ6ZnyayitJG98t0JvLJv9rWhs3ZwDyqYc0lmwzAmOEpYxIJ2cmch6Zk+CjiRJSI1Hpw
         Bd9vSFjSDSSwt9JFn6d41K8eB4VZ9MYvEpTHq07p/DPjrbYnyTNXx81QbIePmvIoxU8K
         IkSm6lAZJAOR8eP0c8LxCD+wfVGnOK11CUmgPvT/hpIDd5On2GenxggcwluOLc32kWWe
         ChigpZxLaBJR6s+MQcTqMP8/P5LK4OYZksogqozgv/0wOJCdTYAXeAMJH2vWKIknLDx7
         CFxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737475805; x=1738080605;
        h=cc:to:message-id:content-transfer-encoding:mime-version:subject
         :date:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=A5EzkxHuBI8yDHTyPXO5W+a90sGmWcj3zVI9ThOaO6g=;
        b=Q+cWVztLURTwaIQf9tYT7Xz0Aac4IlVnJn84VFNKI1jpR6kxF5R0b0gQYWJ2YMwC9l
         ROamk6g8wcay2jg4XUL20Xwi9IJF1gPeutCGVKtewVJikBt4Lrti5SDBgs8aL6WNCyF5
         O3xKwx8dr0g5YVXxy3t0qBUP83dXF5gMXiYD3ntvCp4ZTlz7VUZeUmYxXrCyv3wf2tUE
         kYVqkU28ZIHQj9TE5XbS0GjFnsr7qo5HHJKxNHXD1pvGH/QT0eQOz9Dsh811jYxaZJSl
         1v7CTTJq+tEoSnwL523xqGtDsU+akqQWcSGq+aGLrosBPpnN4zNH8tjKP7sFORiMnbHj
         5TbQ==
X-Gm-Message-State: AOJu0YxeeQMoqVJib8BKpCxMu4YNPsB9dzYCkqU9C2/AVAEpVY4qcmsa
	Dp4U6Iq/7rpIFVJxfH4Tsa/zwzlxmLaAc4G+0Gfdc238VtoxX5DrcAFadP/WNf9qevgfIzsrjF0
	jH+tk
X-Gm-Gg: ASbGncsd25pTydhnG1zMLEuK5GkvK4rwHQFG+batmmEEsGO6Rzlph30RaMZqwoz7JCV
	DtC+4ZBLBVxFwdXLvltAIWVo+eqY3/0g/ZM6wqYRTrzW+PeD6VHPFHpksreZokXpZpqJP3F3aT/
	8fhLqf37tPW/soncOf7Av1157mPZpIe5vx0HRSroiAAQtN0jl4uDDwbSB2vE+bnMbAm8MTduOql
	1mMqZCOeszkbcGJLI2FO82NXD7yy0iTMi0CPAlAu8mBrYYBvHpY3r/XZGU=
X-Google-Smtp-Source: 
 AGHT+IEnqGlP0mkhPSeKjo/LbQpcR7eQ4ujkEkN21jV24Yk8ZD1wCZ8hhCkkpGuo0nw96gn/DYUFCA==
X-Received: by 2002:a05:600c:564a:b0:434:9fac:3408 with SMTP id
 5b1f17b1804b1-438a08f5d3amr3963895e9.2.1737475804237;
        Tue, 21 Jan 2025 08:10:04 -0800 (PST)
Received: from localhost ([2a00:79e0:9d:4:690e:31d2:955f:4757])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4389041f61bsm182804475e9.17.2025.01.21.08.10.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 08:10:03 -0800 (PST)
From: Jann Horn <jannh@google.com>
Date: Tue, 21 Jan 2025 17:09:59 +0100
Subject: [PATCH] io_uring/uring_cmd: add missing READ_ONCE() on shared
 memory read
Precedence: bulk
X-Mailing-List: io-uring@vger.kernel.org
List-Id: <io-uring.vger.kernel.org>
List-Subscribe: <mailto:io-uring+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:io-uring+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Message-Id: <20250121-uring-sockcmd-fix-v1-1-add742802a29@google.com>
X-B4-Tracking: v=1; b=H4sIANfGj2cC/x2MQQqAIBAAvxJ7bkENkfpKdCjbaok0lCKQ/t7Sc
 QZmCmRKTBm6qkCimzPHIKDrCvw2hpWQZ2EwyliljcYrcVgxR7/7Y8aFH3R2cg3ZqXVWgXRnItH
 /sx/e9wNNkA6LYwAAAA==
X-Change-ID: 20250121-uring-sockcmd-fix-75b73e5b9750
To: Jens Axboe <axboe@kernel.dk>, Pavel Begunkov <asml.silence@gmail.com>
Cc: io-uring@vger.kernel.org, linux-kernel@vger.kernel.org,
 Jann Horn <jannh@google.com>
X-Mailer: b4 0.15-dev
X-Developer-Signature: v=1; a=ed25519-sha256; t=1737475800; l=1131;
 i=jannh@google.com; s=20240730; h=from:subject:message-id;
 bh=pEyoQvQWT6idVibEeyq1Yg7Ofbc/zFY8E1cz2BUMuKM=;
 b=VGKDcbuKJt9SxaTs68JubYzt2aCYSgWvTQYq38OChjFMCucq9gOfro/KxuUHhylrmAClv7058
 /Z0pFDEi5ttD+RlbGww3HQGEDjHhb4okleQguxFrqrM7TEVo7OgSfrU
X-Developer-Key: i=jannh@google.com; a=ed25519;
 pk=AljNtGOzXeF6khBXDJVVvwSEkVDGnnZZYqfWhP1V+C8=

cmd->sqe seems to point to shared memory here; so values should only be
read from it with READ_ONCE(). To ensure that the compiler won't generate
code that assumes the value in memory will stay constant, add a
READ_ONCE().
The callees io_uring_cmd_getsockopt() and io_uring_cmd_setsockopt() already
do this correctly.

Signed-off-by: Jann Horn <jannh@google.com>
---
 io_uring/uring_cmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


---
base-commit: 95ec54a420b8f445e04a7ca0ea8deb72c51fe1d3
change-id: 20250121-uring-sockcmd-fix-75b73e5b9750

diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
index fc94c465a9850d4ed9df0cd26fcd6523657a2854..f4397bd66283d5939b60e7fa0a12bd7426322b9f 100644
--- a/io_uring/uring_cmd.c
+++ b/io_uring/uring_cmd.c
@@ -350,7 +350,7 @@ int io_uring_cmd_sock(struct io_uring_cmd *cmd, unsigned int issue_flags)
 	if (!prot || !prot->ioctl)
 		return -EOPNOTSUPP;
 
-	switch (cmd->sqe->cmd_op) {
+	switch (READ_ONCE(cmd->sqe->cmd_op)) {
 	case SOCKET_URING_OP_SIOCINQ:
 		ret = prot->ioctl(sk, SIOCINQ, &arg);
 		if (ret)