On Wed, Feb 06, 2019 at 10:56:41AM -0700, Jens Axboe wrote:
> On 2/5/19 6:01 PM, Al Viro wrote:
> > On Tue, Feb 05, 2019 at 05:27:29PM -0700, Jens Axboe wrote:
> >
> >> This should be better, passes some basic testing, too:
> >>
> >> http://git.kernel.dk/cgit/linux-block/commit/?h=io_uring&id=01a93aa784319a02ccfa6523371b93401c9e0073
> >>
> >> Verified that we're grabbing the right refs, and don't hold any
> >> ourselves. For the file registration, forbid registration of the
> >> io_uring fd, as that is pointless and will introduce a loop regardless
> >> of fd passing.
> >
> > *shrug*
> >
> > So pass it to AF_UNIX socket and register _that_ - does't change the
> > underlying problem.
>
> Maybe I'm being dense here, but it's an f_op match. Should catch a
> passed fd as well, correct?
f_op match on _what_?
> With that, how can there be a loop?
io_uring_fd = ....
socketpair(PF_UNIX, SOCK_STREAM, 0, sock_fds);
register sock_fds[0] and sock_fds[1] to io_uring_fd
send SCM_RIGHTS datagram with io_uring_fd to sock_fds[0]
close sock_fds[0], sock_fds[1] and io_uring_fd
And there's your unreachable loop.
