From 044d8052e6fe67aca6d15527ed8d5d2642a15e7d Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Thu, 15 Apr 2021 17:36:35 +0800 Subject: [PATCH] io_uring: statx/openat/openat2 don't support fixed files mainline inclusion from mainline-5.6-rc2 commit cf3040ca55f2085b0a372a620ee2cb93ae19b686 category: feature bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27 CVE: NA --------------------------- All of these opcodes take a directory file descriptor. We can't easily support fixed files for these operations, and the use case for that probably isn't all that clear (or sensible) anyway. Disable IOSQE_FIXED_FILE for these operations. Reported-by: Stefan Metzmacher Signed-off-by: Jens Axboe Conflicts: fs/io_uring.c [skip openat2 for commit cebdb98617ae ("io_uring: add support for IORING_OP_OPENAT2") is not applied] Signed-off-by: yangerkun Reviewed-by: zhangyi (F) Signed-off-by: Cheng Jian --- fs/io_uring.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 06dc99420f87..cde4ef4c7638 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2511,6 +2511,8 @@ static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (sqe->ioprio || sqe->buf_index) return -EINVAL; + if (sqe->flags & IOSQE_FIXED_FILE) + return -EBADF; req->open.dfd = READ_ONCE(sqe->fd); req->open.mode = READ_ONCE(sqe->len); @@ -2688,6 +2690,8 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (sqe->ioprio || sqe->buf_index) return -EINVAL; + if (sqe->flags & IOSQE_FIXED_FILE) + return -EBADF; req->open.dfd = READ_ONCE(sqe->fd); req->open.mask = READ_ONCE(sqe->len); @@ -2761,7 +2765,7 @@ static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) sqe->rw_flags || sqe->buf_index) return -EINVAL; if (sqe->flags & IOSQE_FIXED_FILE) - return -EINVAL; + return -EBADF; req->close.fd = READ_ONCE(sqe->fd); if (req->file->f_op == &io_uring_fops || -- GitLab