Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp1754319pxb; Thu, 16 Sep 2021 14:57:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXxDJJhBKQbE7DQ66pjSAZ30TbeOav5lZNuixo88WjR/ANxMnASsNs7xojXWxX1jtHwxnr X-Received: by 2002:a92:6907:: with SMTP id e7mr5419838ilc.301.1631829444325; Thu, 16 Sep 2021 14:57:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631829444; cv=none; d=google.com; s=arc-20160816; b=jU5kAO1Ibib7naoprG+LAXOfGamOBlWUc7L2Hh7s7dNDoFsqkUoKutQ2+MzFXa5G8e Y9dTv3OsPZ/l2vRwzSavgynQqx/b0jLqS3EZkZ5HTYaUvHnhlNMC2k/QLlJGt1z7GtJZ xMCoYiZgfT9ZEAtQTQhIGjCxOynP75f7XO2iPV2oFyORp+MSbZGxg9iGHWzPutsE6TaO UahDGOFSEwvZOPbnPsQjTEC++0K6He/P2KN2xprsacSju+wHDus9MFvrxGyBPgcxAoeu 2D2ZXIczn+f/taigyZ4MzA0CE7cTyW1vnd0pKzjtQIJB7rG6HyUrM9xdim7gAD/M0W9f C8kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=yvQpYPytYcEAgb5YqooWcUU9DBsk/eS4dMkjgovO8yM=; b=AwAL+xcLr/Xl/0ABOrAE6NMqsDihJwNHYg0iH4+fuOnzlMdELRA2QwIPUv+RVOIyS8 yseEBdQQ2f1aW7+h7R4B3MbaWfznNInZ8c6Y5M+53zXn7kLezDnrkOpgA0/sKp7GIQZw UjqK4MmBsOkuJfVFxkrARem/eXiGf1vFNrVm2/SY6LJhBK+k+0KR/VfAckk6c6Wazkzx Wm0u9pVevqwYdDuQoei29Rl3OvHVzClh1m73o0sVaAX9qAm+UxfT3H06O0qut7VhVLUU GvJQ1ByY26O0O5xeh9JgL2PwMFZkR0yM+fuBXKeqwIv4buOJkKUmKv04YBFqdete2vPp DwMg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=V2AzFnXq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d2si4451530ilg.24.2021.09.16.14.57.12; Thu, 16 Sep 2021 14:57:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=V2AzFnXq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243721AbhIPQi7 (ORCPT + 99 others); Thu, 16 Sep 2021 12:38:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:44348 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243333AbhIPQbL (ORCPT ); Thu, 16 Sep 2021 12:31:11 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9BB7C61391; Thu, 16 Sep 2021 16:19:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1631809157; bh=ACEv7mGYILmwjxdiUIA6X3I3eeRBxR/2Y4NXtOulj4o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=V2AzFnXqS6mkYd95yq5jKjRBIZAGWy+Pm2Kd7fr9t5YY9dTNBCnuRNSODF6ix5ctF tANVzmqtE4T+d8tyOqYD7veFZTwblSElCGUUONw3hHFVv8A9V2EOc3X9G9NZiMZJP5 jFP9RWXFLAuGhSNwPnDBlquc/m3iZ6waN1NBuf80= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Begunkov , Jens Axboe Subject: [PATCH 5.13 052/380] io_uring: add ->splice_fd_in checks Date: Thu, 16 Sep 2021 17:56:49 +0200 Message-Id: <20210916155805.751905627@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210916155803.966362085@linuxfoundation.org> References: <20210916155803.966362085@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pavel Begunkov commit 26578cda3db983b17cabe4e577af26306beb9987 upstream. ->splice_fd_in is used only by splice/tee, but no other request checks it for validity. Add the check for most of request types excluding reads/writes/sends/recvs, we don't want overhead for them and can leave them be as is until the field is actually used. Cc: stable@vger.kernel.org Signed-off-by: Pavel Begunkov Link: https://lore.kernel.org/r/f44bc2acd6777d932de3d71a5692235b5b2b7397.1629451684.git.asml.silence@gmail.com Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 52 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 22 deletions(-) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3474,7 +3474,7 @@ static int io_renameat_prep(struct io_ki if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3525,7 +3525,8 @@ static int io_unlinkat_prep(struct io_ki if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3571,8 +3572,8 @@ static int io_shutdown_prep(struct io_ki #if defined(CONFIG_NET) if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || - sqe->buf_index) + if (unlikely(sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags || + sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; req->shutdown.how = READ_ONCE(sqe->len); @@ -3720,7 +3721,8 @@ static int io_fsync_prep(struct io_kiocb if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.flags = READ_ONCE(sqe->fsync_flags); @@ -3753,7 +3755,8 @@ static int io_fsync(struct io_kiocb *req static int io_fallocate_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -3784,7 +3787,7 @@ static int __io_openat_prep(struct io_ki const char __user *fname; int ret; - if (unlikely(sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)) return -EINVAL; if (unlikely(req->flags & REQ_F_FIXED_FILE)) return -EBADF; @@ -3909,7 +3912,8 @@ static int io_remove_buffers_prep(struct struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off) + if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off || + sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -3980,7 +3984,7 @@ static int io_provide_buffers_prep(struc struct io_provide_buf *p = &req->pbuf; u64 tmp; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; tmp = READ_ONCE(sqe->fd); @@ -4067,7 +4071,7 @@ static int io_epoll_ctl_prep(struct io_k const struct io_uring_sqe *sqe) { #if defined(CONFIG_EPOLL) - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4113,7 +4117,7 @@ static int io_epoll_ctl(struct io_kiocb static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { #if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU) - if (sqe->ioprio || sqe->buf_index || sqe->off) + if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4148,7 +4152,7 @@ static int io_madvise(struct io_kiocb *r static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { - if (sqe->ioprio || sqe->buf_index || sqe->addr) + if (sqe->ioprio || sqe->buf_index || sqe->addr || sqe->splice_fd_in) return -EINVAL; if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; @@ -4186,7 +4190,7 @@ static int io_statx_prep(struct io_kiocb { if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4222,7 +4226,7 @@ static int io_close_prep(struct io_kiocb if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; if (sqe->ioprio || sqe->off || sqe->addr || sqe->len || - sqe->rw_flags || sqe->buf_index) + sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; if (req->flags & REQ_F_FIXED_FILE) return -EBADF; @@ -4283,7 +4287,8 @@ static int io_sfr_prep(struct io_kiocb * if (unlikely(ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index)) + if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index || + sqe->splice_fd_in)) return -EINVAL; req->sync.off = READ_ONCE(sqe->off); @@ -4710,7 +4715,7 @@ static int io_accept_prep(struct io_kioc if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -4758,7 +4763,8 @@ static int io_connect_prep(struct io_kio if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags) + if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags || + sqe->splice_fd_in) return -EINVAL; conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr)); @@ -5368,7 +5374,7 @@ static int io_poll_update_prep(struct io if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index) + if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in) return -EINVAL; flags = READ_ONCE(sqe->len); if (flags & ~(IORING_POLL_UPDATE_EVENTS | IORING_POLL_UPDATE_USER_DATA | @@ -5603,7 +5609,7 @@ static int io_timeout_remove_prep(struct return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len) + if (sqe->ioprio || sqe->buf_index || sqe->len || sqe->splice_fd_in) return -EINVAL; tr->addr = READ_ONCE(sqe->addr); @@ -5662,7 +5668,8 @@ static int io_timeout_prep(struct io_kio if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; - if (sqe->ioprio || sqe->buf_index || sqe->len != 1) + if (sqe->ioprio || sqe->buf_index || sqe->len != 1 || + sqe->splice_fd_in) return -EINVAL; if (off && is_timeout_link) return -EINVAL; @@ -5811,7 +5818,8 @@ static int io_async_cancel_prep(struct i return -EINVAL; if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags) + if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags || + sqe->splice_fd_in) return -EINVAL; req->cancel.addr = READ_ONCE(sqe->addr); @@ -5868,7 +5876,7 @@ static int io_rsrc_update_prep(struct io { if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT))) return -EINVAL; - if (sqe->ioprio || sqe->rw_flags) + if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in) return -EINVAL; req->rsrc_update.offset = READ_ONCE(sqe->off);