On 1/28/19 2:13 PM, Jeff Moyer wrote:
> Jens Axboe <[email protected]> writes:
> 
>> @@ -1270,6 +1445,27 @@ static int io_sq_offload_start(struct io_ring_ctx 
>> *ctx)
>>      if (!ctx->sqo_files)
>>              goto err;
>>  
>> +    if (ctx->flags & IORING_SETUP_SQPOLL) {
>> +            if (p->flags & IORING_SETUP_SQ_AFF) {
>> +                    ctx->sqo_thread = kthread_create_on_cpu(io_sq_thread,
>> +                                                    ctx, p->sq_thread_cpu,
>> +                                                    "io_uring-sq");
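Review bot: `p->sq_thread_cpu` is taken from the user-supplied io_uring_params and handed straight to kthread_create_on_cpu() in the IORING_SETUP_SQ_AFF branch with no range check in the visible lines, and the callee ends up indexing the per-cpu offset table with it, which is also unchecked. Before this call, reject values that are not below nr_cpu_ids (or not cpu_possible()) with -EINVAL, and pass the accepted index through array_index_nospec() so a mispredicted bounds check cannot speculatively index past the table.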
> 
> sq_thread_cpu looks like another candidate for array_index_nospec.
> Following the macros, kthread_create_on_cpu calls cpu_to_node, which
> does:
>         return per_cpu(x86_cpu_to_node_map, cpu);
> 
> #define per_cpu(var, cpu)       (*per_cpu_ptr(&(var), cpu))
> #define per_cpu_ptr(ptr, cpu)                                           \
> ({                                                                      \
>         __verify_pcpu_ptr(ptr);                                         \
>         SHIFT_PERCPU_PTR((ptr), per_cpu_offset((cpu)));                 \
> })
> #define per_cpu_offset(x) (__per_cpu_offset[x])
>                            ^^^^^^^^^^^^^^^^^^^
> 
> It also looks like there's no bounds checking there, so we probably want
> to make sure sq_thread_cpu can't overflow the __per_cpu_offset array
> (NR_CPUS).

Added, can't hurt in any case.

-- 
Jens Axboe
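To make the fix under discussion concrete, here is an added userspace model of the check Jeff asks for; it is not part of the patch or the kernel. The per-cpu offset table, NR_CPUS_MODEL (standing in for nr_cpu_ids) and the lookup function are constructed for the example; array_index_mask_nospec follows the generic form in include/linux/nospec.h.

```c
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_LONG (8 * sizeof(unsigned long))
#define NR_CPUS_MODEL 8UL   /* constructed stand-in for nr_cpu_ids */

/* Constructed stand-in for the kernel's __per_cpu_offset[] table. */
static unsigned long per_cpu_offset_model[NR_CPUS_MODEL] = {
    0x1000, 0x2000, 0x3000, 0x4000, 0x5000, 0x6000, 0x7000, 0x8000
};

/* All-ones when index < size, all-zeros otherwise, computed without a
 * branch the CPU could mispredict (generic linux/nospec.h form). */
static unsigned long array_index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp an already range-checked index so that even a speculatively
 * executed out-of-bounds path loads element 0 rather than memory past
 * the end of the table. */
static unsigned long array_index_nospec(unsigned long index, unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Models validating a user-supplied sq_thread_cpu (a __u32 in
 * io_uring_params) before it could reach kthread_create_on_cpu():
 * architectural bounds check first, then the speculation-safe clamp. */
int lookup_sq_thread_offset(uint32_t sq_thread_cpu, unsigned long *offset)
{
    if (sq_thread_cpu >= NR_CPUS_MODEL)
        return -22;  /* -EINVAL: refuse CPUs the table does not cover */

    unsigned long cpu = array_index_nospec(sq_thread_cpu, NR_CPUS_MODEL);
    *offset = per_cpu_offset_model[cpu];
    return 0;
}

int main(void)
{
    unsigned long off = 0;
    int rc = lookup_sq_thread_offset(3, &off);
    printf("cpu 3 -> rc %d, offset %#lx\n", rc, off);
    rc = lookup_sq_thread_offset(8, &off);
    printf("cpu 8 -> rc %d (rejected)\n", rc);
    return 0;
}
```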