Skip to content

Commit 44d2827

Browse files
committed
io_uring: only allow submit from owning task
If the credentials or the mm doesn't match, don't allow the task to submit anything on behalf of this ring. The task that owns the ring can pass the file descriptor to another task, but we don't want to allow that task to submit an SQE that then assumes the ring mm and creds if it needs to go async. Cc: [email protected] Suggested-by: Stefan Metzmacher <[email protected]> Signed-off-by: Jens Axboe <[email protected]>
1 parent 11ba820 commit 44d2827

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

fs/io_uring.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5159,6 +5159,12 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
51595159
} else if (to_submit) {
51605160
struct mm_struct *cur_mm;
51615161

5162+
if (current->mm != ctx->sqo_mm ||
5163+
current_cred() != ctx->creds) {
5164+
ret = -EPERM;
5165+
goto out;
5166+
}
5167+
51625168
to_submit = min(to_submit, ctx->sq_entries);
51635169
mutex_lock(&ctx->uring_lock);
51645170
/* already have mm, so io_submit_sqes() won't try to grab it */

0 commit comments

Comments
 (0)