Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4833029ybl; Wed, 22 Jan 2020 05:34:50 -0800 (PST) X-Google-Smtp-Source: APXvYqx7+El6r73DoI+QMim4w7TKsYHfmCv6PlrUnRbp3Eh8xIKqunSjR1walM8G40eNQtv12eGN X-Received: by 2002:a9d:784b:: with SMTP id c11mr7037431otm.246.1579700090641; Wed, 22 Jan 2020 05:34:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579700090; cv=none; d=google.com; s=arc-20160816; b=nyzJU+F76u1wNLInKnE9Q3lQbHr82biuEI3IQbVRZduEEXPVRoIig4GzEBuLQnHaMV xNBTiwNmky++oLknmNwVWhv8H1GzZ/SVHTQvWCTHv348BG11UpNLfWkIcdSCEq+G/Zfr mNLmUzr1VywR6osF6ZUJ5195onbycMWWE4o7OKs39CPzlHyBOI3OjmOh9gpogRA9ZCyY UmHLNgjqfaSwF40vFdPyJuI1aozrgJWeEZwMI9BowAd16mn42n5HHHQprgUQyzfwG5GA gvtAiv+EVWVgZCJThYbla4ehWZdowJAM9Iod4xnbIrOP4coO19kqHtyeDwfdAM6Pa3nU wSNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=c4dfmga3u61dqYc3I1AY/dk1VoeOm3ciHJlvFlmI37M=; b=BaSujimtmpY7zz+/1Mbi9e3VRQbMtv2DCJwTASe8M8mgJtgjuyqotdyfx5pkPjvM4T Ax5OzRNuY3LghqyDDQBPMx7Rm/7dSmU46przZj780A0Sk271OYtUe1SQugpJCLRpI/Kr KnNn8DDU3vHqK/Z9JFvQLYxc6MTXcrsFou94WxViaDQ1B6O8gjczkS2vPwtaU74hxsvK Il2AhfAgnzrN48oRwx58hRc64exmltlFEnWhSmpxl4ZjzaovQnswjnrAzhkt98k7v1Aj 2rG5qCwLvjSM3dc4/Ggrcp0H1ISYHHn85IwxamZra+GqqvPEeIcG7C9JePsgwJ4+x/fz Pu7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=daqRY0AL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z22si9939400otq.94.2020.01.22.05.34.38; Wed, 22 Jan 2020 05:34:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=daqRY0AL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729508AbgAVNTA (ORCPT + 99 others); Wed, 22 Jan 2020 08:19:00 -0500 Received: from mail.kernel.org ([198.145.29.99]:34656 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725924AbgAVNSx (ORCPT ); Wed, 22 Jan 2020 08:18:53 -0500 Received: from localhost (unknown [84.241.205.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E39AA205F4; Wed, 22 Jan 2020 13:18:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579699132; bh=qFu7OqLxiAfjXgCPK2D2NL2a2kSle7lyuguriALwEBI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=daqRY0ALQ0zTZqWQqfNUG8tg0r6WEcVQKZZfF7He1v71WNRvgFQnT0Uahfl53JVzx 2mKQc9I1AAxtZs8Kb4vjgb3hXdw5CTyk/zjNUpnHyhvokx0aYMteNfB+OsNsnqYeVf 7EaSC+vAU9jWYTnFxaJ8OC2ruOIs2wlcSJfitF08= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stefan Metzmacher , Jens Axboe Subject: [PATCH 5.4 033/222] io_uring: only allow submit from owning task Date: Wed, 22 Jan 2020 10:26:59 +0100 Message-Id: <20200122092835.852416399@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200122092833.339495161@linuxfoundation.org> References: <20200122092833.339495161@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Axboe commit 44d282796f81eb1debc1d7cb53245b4cb3214cb5 upstream. If the credentials or the mm doesn't match, don't allow the task to submit anything on behalf of this ring. The task that owns the ring can pass the file descriptor to another task, but we don't want to allow that task to submit an SQE that then assumes the ring mm and creds if it needs to go async. Cc: stable@vger.kernel.org Suggested-by: Stefan Metzmacher Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3716,6 +3716,12 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned wake_up(&ctx->sqo_wait); submitted = to_submit; } else if (to_submit) { + if (current->mm != ctx->sqo_mm || + current_cred() != ctx->creds) { + ret = -EPERM; + goto out; + } + to_submit = min(to_submit, ctx->sq_entries); mutex_lock(&ctx->uring_lock);