diff options
| author | Jens Axboe <axboe@kernel.dk> | 2020-01-16 19:00:24 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-01-23 08:22:32 +0100 |
| commit | af2e7c923dabca32f1224b178198817536318c71 (patch) | |
| tree | 99184f514c771ee88505dca403e4c2ed822f68c9 /fs/io_uring.c | |
| parent | 7e7f29200f2d73d3f15fd5718706f2b73a5c420d (diff) | |
| download | linux-stable-af2e7c923dabca32f1224b178198817536318c71.tar.gz linux-stable-af2e7c923dabca32f1224b178198817536318c71.tar.bz2 linux-stable-af2e7c923dabca32f1224b178198817536318c71.zip | |
io_uring: only allow submit from owning task
commit 44d282796f81eb1debc1d7cb53245b4cb3214cb5 upstream.
If the credentials or the mm doesn't match, don't allow the task to
submit anything on behalf of this ring. The task that owns the ring can
pass the file descriptor to another task, but we don't want to allow
that task to submit an SQE that then assumes the ring mm and creds if
it needs to go async.
Cc: stable@vger.kernel.org
Suggested-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs/io_uring.c')
| -rw-r--r-- | fs/io_uring.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 709671faaed6..b1c9ad1fb9e1 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3716,6 +3716,12 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, wake_up(&ctx->sqo_wait); submitted = to_submit; } else if (to_submit) { + if (current->mm != ctx->sqo_mm || + current_cred() != ctx->creds) { + ret = -EPERM; + goto out; + } + to_submit = min(to_submit, ctx->sq_entries); mutex_lock(&ctx->uring_lock); |