io_uring: only allow submit from owning task
If the credentials or the mm doesn't match, don't allow the task to submit anything on behalf of this ring. The task that owns the ring can pass the file descriptor to another task, but we don't want to allow that task to submit an SQE that then assumes the ring mm and creds if it needs to go async. Cc: stable@vger.kernel.org Suggested-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
		
							parent
							
								
									11ba820bf1
								
							
						
					
					
						commit
						44d282796f
					
				| @ -5159,6 +5159,12 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, | ||||
| 	} else if (to_submit) { | ||||
| 		struct mm_struct *cur_mm; | ||||
| 
 | ||||
| 		if (current->mm != ctx->sqo_mm || | ||||
| 		    current_cred() != ctx->creds) { | ||||
| 			ret = -EPERM; | ||||
| 			goto out; | ||||
| 		} | ||||
| 
 | ||||
| 		to_submit = min(to_submit, ctx->sq_entries); | ||||
| 		mutex_lock(&ctx->uring_lock); | ||||
| 		/* already have mm, so io_submit_sqes() won't try to grab it */ | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user