Commit 193155c8 authored by Jens Axboe's avatar Jens Axboe
Browse files

io_uring: handle multiple personalities in link chains 



If we have a chain of requests and they don't all use the same
credentials, then the head of the chain will be issued with the
credentails of the tail of the chain.

Ensure __io_queue_sqe() overrides the credentials, if they are different.

Once we do that, we can clean up the creds handling as well, by only
having io_submit_sqe() do the lookup of a personality. It doesn't need
to assign it, since __io_queue_sqe() now always does the right thing.

Fixes: 75c6a039 ("io_uring: support using a registered personality for commands")
Reported-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent f8788d86

fs/io_uring.c

+15 −10
Original line number Diff line number Diff line
@@ -4705,11 +4705,21 @@ static void __io_queue_sqe(struct io_kiocb *req, const struct io_uring_sqe *sqe) 
{

	struct io_kiocb *linked_timeout;

	struct io_kiocb *nxt = NULL;

	const struct cred *old_creds = NULL;

	int ret;



again:

	linked_timeout = io_prep_linked_timeout(req);



	if (req->work.creds && req->work.creds != current_cred()) {

		if (old_creds)

			revert_creds(old_creds);

		if (old_creds == req->work.creds)

			old_creds = NULL; /* restored original creds */

		else

			old_creds = override_creds(req->work.creds);

	}



	ret = io_issue_sqe(req, sqe, &nxt, true);



	/*
@@ -4759,6 +4769,8 @@ done_req: 
			goto punt;

		goto again;

	}

	if (old_creds)

		revert_creds(old_creds);

}



static void io_queue_sqe(struct io_kiocb *req, const struct io_uring_sqe *sqe)
@@ -4803,7 +4815,6 @@ static inline void io_queue_link_head(struct io_kiocb *req) 
static bool io_submit_sqe(struct io_kiocb *req, const struct io_uring_sqe *sqe,

			  struct io_submit_state *state, struct io_kiocb **link)

{

	const struct cred *old_creds = NULL;

	struct io_ring_ctx *ctx = req->ctx;

	unsigned int sqe_flags;

	int ret, id;
@@ -4818,14 +4829,12 @@ static bool io_submit_sqe(struct io_kiocb *req, const struct io_uring_sqe *sqe, 


	id = READ_ONCE(sqe->personality);

	if (id) {

		const struct cred *personality_creds;



		personality_creds = idr_find(&ctx->personality_idr, id);

		if (unlikely(!personality_creds)) {

		req->work.creds = idr_find(&ctx->personality_idr, id);

		if (unlikely(!req->work.creds)) {

			ret = -EINVAL;

			goto err_req;

		}

		old_creds = override_creds(personality_creds);

		get_cred(req->work.creds);

	}



	/* same numerical values with corresponding REQ_F_*, safe to copy */
@@ -4837,8 +4846,6 @@ static bool io_submit_sqe(struct io_kiocb *req, const struct io_uring_sqe *sqe, 
err_req:

		io_cqring_add_event(req, ret);

		io_double_put_req(req);

		if (old_creds)

			revert_creds(old_creds);

		return false;

	}
@@ -4899,8 +4906,6 @@ err_req: 
		}

	}



	if (old_creds)

		revert_creds(old_creds);

	return true;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE