Re: [PATCH 09/13] io_uring: add submission polling

From: Jens Axboe <axboe@kernel.dk>
Date: 2019-01-28 21:28:51
Also in: linux-fsdevel

On 1/28/19 2:13 PM, Jeff Moyer wrote:

Jens Axboe [off-list ref] writes:

quoted

@@ -1270,6 +1445,27 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx)
 	if (!ctx->sqo_files)
 		goto err;
 
+	if (ctx->flags & IORING_SETUP_SQPOLL) {
+		if (p->flags & IORING_SETUP_SQ_AFF) {
+			ctx->sqo_thread = kthread_create_on_cpu(io_sq_thread,
+							ctx, p->sq_thread_cpu,
+							"io_uring-sq");

sq_thread_cpu looks like another candidate for array_index_nospec.
Following the macros, kthread_create_on_cpu calls cpu_to_node, which
does:
        return per_cpu(x86_cpu_to_node_map, cpu);

#define per_cpu(var, cpu)       (*per_cpu_ptr(&(var), cpu))
#define per_cpu_ptr(ptr, cpu)                                           \
({                                                                      \
        __verify_pcpu_ptr(ptr);                                         \
        SHIFT_PERCPU_PTR((ptr), per_cpu_offset((cpu)));                 \
})
#define per_cpu_offset(x) (__per_cpu_offset[x])
                           ^^^^^^^^^^^^^^^^^^^

It also looks like there's no bounds checking there, so we probably want
to make sure sq_thread_cpu can't overflow the __per_cpu_offset array
(NR_CPUS).

Added, can't hurt in any case.

-- 
Jens Axboe

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help