From patchwork Tue Sep 29 11:01:41 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg KH <gregkh@linuxfoundation.org>
X-Patchwork-Id: 291068
Return-Path: <SRS0=j5F6=DG=vger.kernel.org=stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,
 MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS,
 URIBL_BLOCKED, 
 USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by smtp.lore.kernel.org (Postfix) with ESMTP id 69755C4741F
 for <stable@archiver.kernel.org>;
 Tue, 29 Sep 2020 11:51:00 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by mail.kernel.org (Postfix) with ESMTP id 1293B206A5
 for <stable@archiver.kernel.org>;
 Tue, 29 Sep 2020 11:51:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=default; t=1601380260;
 bh=gmUfHcRNOMsi8iXW2jc6KIgwQ4oBWMzx6TbG1531NnQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From;
 b=UtRfIicwiEEecwF9fU322sDM8NtiknDODZkGmzn67Qp+uB4IHJf13vlwZDvqZdnEV
 OPgEkBZotDru1qUDN+/ef3WVVNid0fdoiZ1gUdOczTL4Op8Avc+Af9dq6ihZaBTSiO
 TRvl60p0syatRRyd63TcNMftptvXxZG6FiHmMtWw=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1730945AbgI2LtJ (ORCPT <rfc822;stable@archiver.kernel.org>);
 Tue, 29 Sep 2020 07:49:09 -0400
Received: from mail.kernel.org ([198.145.29.99]:52162 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1731172AbgI2LtI (ORCPT <rfc822;stable@vger.kernel.org>);
 Tue, 29 Sep 2020 07:49:08 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by mail.kernel.org (Postfix) with ESMTPSA id DD048206F7;
 Tue, 29 Sep 2020 11:49:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=default; t=1601380147;
 bh=gmUfHcRNOMsi8iXW2jc6KIgwQ4oBWMzx6TbG1531NnQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=YHxTWsdk5wPHr85nKTEptnPhssmYTlQ8Xk3S2CoPXCYkC+RedfrUlasaR7oSarv8G
 ns8OZ0AAsIYBIxQ035oEvGrLpmOXLupYieQipnzEX6Bont8OIS+v2dRfdZ3HF8Uoz8
 A/Pd8/IEogAkl6XM/3ThVDcN3O7ithR5EV+Jw4lA=
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 stable@vger.kernel.org, Andy Lutomirski <luto@kernel.org>,
 Jens Axboe <axboe@kernel.dk>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.8 58/99] io_uring: fix openat/openat2 unified prep handling
Date: Tue, 29 Sep 2020 13:01:41 +0200
Message-Id: <20200929105932.583523181@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200929105929.719230296@linuxfoundation.org>
References: <20200929105929.719230296@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

From: Jens Axboe <axboe@kernel.dk>

[ Upstream commit 4eb8dded6b82e184c09bb963bea0335fa3f30b55 ]

A previous commit unified how we handle prep for these two functions,
but this means that we check the allowed context (SQPOLL, specifically)
later than we should. Move the ring type checking into the two parent
functions, instead of doing it after we've done some setup work.

Fixes: ec65fea5a8d7 ("io_uring: deduplicate io_openat{,2}_prep()")
Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/io_uring.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index d05023ca74bdc..849e39c3cfcd7 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3056,8 +3056,6 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe
 	const char __user *fname;
 	int ret;
 
-	if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL|IORING_SETUP_SQPOLL)))
-		return -EINVAL;
 	if (unlikely(sqe->ioprio || sqe->buf_index))
 		return -EINVAL;
 	if (unlikely(req->flags & REQ_F_FIXED_FILE))
@@ -3084,6 +3082,8 @@ static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 {
 	u64 flags, mode;
 
+	if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL|IORING_SETUP_SQPOLL)))
+		return -EINVAL;
 	if (req->flags & REQ_F_NEED_CLEANUP)
 		return 0;
 	mode = READ_ONCE(sqe->len);
@@ -3098,6 +3098,8 @@ static int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 	size_t len;
 	int ret;
 
+	if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL|IORING_SETUP_SQPOLL)))
+		return -EINVAL;
 	if (req->flags & REQ_F_NEED_CLEANUP)
 		return 0;
 	how = u64_to_user_ptr(READ_ONCE(sqe->addr2));