io_uring: only allow submit from owning task
commit 44d282796f
upstream.
If the credentials or the mm doesn't match, don't allow the task to
submit anything on behalf of this ring. The task that owns the ring can
pass the file descriptor to another task, but we don't want to allow
that task to submit an SQE that then assumes the ring mm and creds if
it needs to go async.
Cc: stable@vger.kernel.org
Suggested-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
7e7f29200f
commit
af2e7c923d
|
@ -3716,6 +3716,12 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
|
|||
wake_up(&ctx->sqo_wait);
|
||||
submitted = to_submit;
|
||||
} else if (to_submit) {
|
||||
if (current->mm != ctx->sqo_mm ||
|
||||
current_cred() != ctx->creds) {
|
||||
ret = -EPERM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
to_submit = min(to_submit, ctx->sq_entries);
|
||||
|
||||
mutex_lock(&ctx->uring_lock);
|
||||
|
|
Loading…
Reference in New Issue