From a717445c6d2bfc48bed63bd0dd6e32aede82ceb0 Mon Sep 17 00:00:00 2001
From: Pavel Begunkov <asml.silence@gmail.com>
Date: Thu, 15 Apr 2021 17:36:46 +0800
Subject: [PATCH] io_uring: fix openat/statx's filename leak

mainline inclusion
from mainline-5.6-rc2
commit 0bdbdd08a8f991bdaee54465a168c0795ea5d28b
category: feature
bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27
CVE: NA
---------------------------

As in the previous patch, make openat*_prep() and statx_prep() handle
double preparation to avoid resource leakage.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Conflicts:
	fs/io_uring.c
[skip io_openat2_prep() for commit cebdb98617ae
 ("io_uring: add support for IORING_OP_OPENAT2") not merged]
Signed-off-by: yangerkun <yangerkun@huawei.com>
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>
---
 fs/io_uring.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 2e61433e6da6..465c46f48025 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2554,6 +2554,8 @@ static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 		return -EINVAL;
 	if (sqe->flags & IOSQE_FIXED_FILE)
 		return -EBADF;
+	if (req->flags & REQ_F_NEED_CLEANUP)
+		return 0;
 
 	req->open.dfd = READ_ONCE(sqe->fd);
 	req->open.mode = READ_ONCE(sqe->len);
@@ -2735,6 +2737,8 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 		return -EINVAL;
 	if (sqe->flags & IOSQE_FIXED_FILE)
 		return -EBADF;
+	if (req->flags & REQ_F_NEED_CLEANUP)
+		return 0;
 
 	req->open.dfd = READ_ONCE(sqe->fd);
 	req->open.mask = READ_ONCE(sqe->len);
-- 
GitLab