io_uring: add missing item types for various requests

stable inclusion
from stable-v5.10.125
commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5IM3T
CVE: CVE-2022-2327

--------------------------------

Any read/write should grab current->nsproxy, denoted by IO_WQ_WORK_FILES
as it refers to current->files as well, and connect and recv/recvmsg,
send/sendmsg should grab current->fs which is denoted by IO_WQ_WORK_FS.

No upstream commit exists for this issue.
Reported-by: NBing-Jhong Billy Jheng <billy@starlabs.sg>
Signed-off-by: NJens Axboe <axboe@kernel.dk>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Conflicts:
1. read/write already grab current->nsproxy, thus don't modified
read/write related ops.
2. 'work_flags' doesn't exist, io_op_def is using field 'needs_fs' to
decide if 'current->fs' should be grabbed.
Signed-off-by: NYu Kuai <yukuai3@huawei.com>
Reviewed-by: NZhang Yi <yi.zhang@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: NYongqiang Liu <liuyongqiang13@huawei.com>

fs/io_uring.c

@@ -816,6 +816,7 @@ static const struct io_op_def io_op_defs[] = {
 		.async_ctx		= 1,
 		.needs_mm		= 1,
 		.needs_file		= 1,
+		.needs_fs		= 1,
 		.unbound_nonreg_file	= 1,
 		.pollout		= 1,
 	},
@@ -864,12 +865,14 @@ static const struct io_op_def io_op_defs[] = {
 	[IORING_OP_SEND] = {
 		.needs_mm		= 1,
 		.needs_file		= 1,
+		.needs_fs		= 1,
 		.unbound_nonreg_file	= 1,
 		.pollout		= 1,
 	},
 	[IORING_OP_RECV] = {
 		.needs_mm		= 1,
 		.needs_file		= 1,
+		.needs_fs		= 1,
 		.unbound_nonreg_file	= 1,
 		.pollin			= 1,
 		.buffer_select		= 1,