Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4833029ybl;
        Wed, 22 Jan 2020 05:34:50 -0800 (PST)
X-Google-Smtp-Source: APXvYqx7+El6r73DoI+QMim4w7TKsYHfmCv6PlrUnRbp3Eh8xIKqunSjR1walM8G40eNQtv12eGN
X-Received: by 2002:a9d:784b:: with SMTP id c11mr7037431otm.246.1579700090641;
        Wed, 22 Jan 2020 05:34:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1579700090; cv=none;
        d=google.com; s=arc-20160816;
        b=nyzJU+F76u1wNLInKnE9Q3lQbHr82biuEI3IQbVRZduEEXPVRoIig4GzEBuLQnHaMV
         xNBTiwNmky++oLknmNwVWhv8H1GzZ/SVHTQvWCTHv348BG11UpNLfWkIcdSCEq+G/Zfr
         mNLmUzr1VywR6osF6ZUJ5195onbycMWWE4o7OKs39CPzlHyBOI3OjmOh9gpogRA9ZCyY
         UmHLNgjqfaSwF40vFdPyJuI1aozrgJWeEZwMI9BowAd16mn42n5HHHQprgUQyzfwG5GA
         gvtAiv+EVWVgZCJThYbla4ehWZdowJAM9Iod4xnbIrOP4coO19kqHtyeDwfdAM6Pa3nU
         wSNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=c4dfmga3u61dqYc3I1AY/dk1VoeOm3ciHJlvFlmI37M=;
        b=BaSujimtmpY7zz+/1Mbi9e3VRQbMtv2DCJwTASe8M8mgJtgjuyqotdyfx5pkPjvM4T
         Ax5OzRNuY3LghqyDDQBPMx7Rm/7dSmU46przZj780A0Sk271OYtUe1SQugpJCLRpI/Kr
         KnNn8DDU3vHqK/Z9JFvQLYxc6MTXcrsFou94WxViaDQ1B6O8gjczkS2vPwtaU74hxsvK
         Il2AhfAgnzrN48oRwx58hRc64exmltlFEnWhSmpxl4ZjzaovQnswjnrAzhkt98k7v1Aj
         2rG5qCwLvjSM3dc4/Ggrcp0H1ISYHHn85IwxamZra+GqqvPEeIcG7C9JePsgwJ4+x/fz
         Pu7A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=daqRY0AL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z22si9939400otq.94.2020.01.22.05.34.38;
        Wed, 22 Jan 2020 05:34:50 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=daqRY0AL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729508AbgAVNTA (ORCPT <rfc822;lans.zhang2008@gmail.com>
        + 99 others); Wed, 22 Jan 2020 08:19:00 -0500
Received: from mail.kernel.org ([198.145.29.99]:34656 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725924AbgAVNSx (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 Jan 2020 08:18:53 -0500
Received: from localhost (unknown [84.241.205.26])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id E39AA205F4;
        Wed, 22 Jan 2020 13:18:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1579699132;
        bh=qFu7OqLxiAfjXgCPK2D2NL2a2kSle7lyuguriALwEBI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=daqRY0ALQ0zTZqWQqfNUG8tg0r6WEcVQKZZfF7He1v71WNRvgFQnT0Uahfl53JVzx
         2mKQc9I1AAxtZs8Kb4vjgb3hXdw5CTyk/zjNUpnHyhvokx0aYMteNfB+OsNsnqYeVf
         7EaSC+vAU9jWYTnFxaJ8OC2ruOIs2wlcSJfitF08=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Stefan Metzmacher <metze@samba.org>,
        Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 5.4 033/222] io_uring: only allow submit from owning task
Date:   Wed, 22 Jan 2020 10:26:59 +0100
Message-Id: <20200122092835.852416399@linuxfoundation.org>
X-Mailer: git-send-email 2.25.0
In-Reply-To: <20200122092833.339495161@linuxfoundation.org>
References: <20200122092833.339495161@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jens Axboe <axboe@kernel.dk>

commit 44d282796f81eb1debc1d7cb53245b4cb3214cb5 upstream.

If the credentials or the mm doesn't match, don't allow the task to
submit anything on behalf of this ring. The task that owns the ring can
pass the file descriptor to another task, but we don't want to allow
that task to submit an SQE that then assumes the ring mm and creds if
it needs to go async.

Cc: stable@vger.kernel.org
Suggested-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 fs/io_uring.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3716,6 +3716,12 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned
 			wake_up(&ctx->sqo_wait);
 		submitted = to_submit;
 	} else if (to_submit) {
+		if (current->mm != ctx->sqo_mm ||
+		    current_cred() != ctx->creds) {
+			ret = -EPERM;
+			goto out;
+		}
+
 		to_submit = min(to_submit, ctx->sq_entries);
 
 		mutex_lock(&ctx->uring_lock);