io_uring stable additions

io_uring stable additions

[Jens Axboe]

[-- Attachment #1: Type: text/plain, Size: 1095 bytes --]

Hi,

I have a few commits that went into 5.5-rc that should go into stable. The
first one is:

commit 181e448d8709e517c9c7b523fcd209f24eb38ca7
Author: Jens Axboe <axboe@kernel.dk>
Date:   Mon Nov 25 08:52:30 2019 -0700

     io_uring: async workers should inherit the user creds

and I'm attaching a 5.4 port of this patch, since the one in 5.5 is built
on top of new code. The 5.4 port will apply all the way back to 5.1 when
io_uring was introduced.

Secondly, these two (in order):

commit 4257c8ca13b084550574b8c9a667d9c90ff746eb
Author: Jens Axboe <axboe@kernel.dk>
Date:   Mon Nov 25 14:27:34 2019 -0700

     net: separate out the msghdr copy from ___sys_{send,recv}msg()

and

commit d69e07793f891524c6bbf1e75b9ae69db4450953
Author: Jens Axboe <axboe@kernel.dk>
Date:   Mon Nov 25 17:04:13 2019 -0700

     net: disallow ancillary data for __sys_{send,recv}msg_file()

should be applied to 5.3/5.4 stable as well. They might look like pure
networking commits, but only io_uring uses the interface.

These three fix important issues, which is why we need them in stable.

-- 
Jens Axboe


[-- Attachment #2: 5.4-stable-creds --]
[-- Type: text/plain, Size: 3429 bytes --]

commit 3edc936354a5a0ad38a4c258e5db8f7c2e2eb505
Author: Jens Axboe <axboe@kernel.dk>
Date:   Mon Nov 25 09:09:43 2019 -0700

    io_uring: async workers should inherit the user creds
    
    If we don't inherit the original task creds, then we can confuse users
    like fuse that pass creds in the request header. See link below on
    identical aio issue.
    
    Link: https://lore.kernel.org/linux-fsdevel/26f0d78e-99ca-2f1b-78b9-433088053a61@scylladb.com/T/#u
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 2c819c3c855d..cbe8dabb6479 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -238,6 +238,8 @@ struct io_ring_ctx {
 
 	struct user_struct	*user;
 
+	struct cred		*creds;
+
 	struct completion	ctx_done;
 
 	struct {
@@ -1752,8 +1754,11 @@ static void io_poll_complete_work(struct work_struct *work)
 	struct io_poll_iocb *poll = &req->poll;
 	struct poll_table_struct pt = { ._key = poll->events };
 	struct io_ring_ctx *ctx = req->ctx;
+	const struct cred *old_cred;
 	__poll_t mask = 0;
 
+	old_cred = override_creds(ctx->creds);
+
 	if (!READ_ONCE(poll->canceled))
 		mask = vfs_poll(poll->file, &pt) & poll->events;
 
@@ -1768,7 +1773,7 @@ static void io_poll_complete_work(struct work_struct *work)
 	if (!mask && !READ_ONCE(poll->canceled)) {
 		add_wait_queue(poll->head, &poll->wait);
 		spin_unlock_irq(&ctx->completion_lock);
-		return;
+		goto out;
 	}
 	list_del_init(&req->list);
 	io_poll_complete(ctx, req, mask);
@@ -1776,6 +1781,8 @@ static void io_poll_complete_work(struct work_struct *work)
 
 	io_cqring_ev_posted(ctx);
 	io_put_req(req);
+out:
+	revert_creds(old_cred);
 }
 
 static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
@@ -2147,10 +2154,12 @@ static void io_sq_wq_submit_work(struct work_struct *work)
 	struct io_ring_ctx *ctx = req->ctx;
 	struct mm_struct *cur_mm = NULL;
 	struct async_list *async_list;
+	const struct cred *old_cred;
 	LIST_HEAD(req_list);
 	mm_segment_t old_fs;
 	int ret;
 
+	old_cred = override_creds(ctx->creds);
 	async_list = io_async_list_from_sqe(ctx, req->submit.sqe);
 restart:
 	do {
@@ -2258,6 +2267,7 @@ static void io_sq_wq_submit_work(struct work_struct *work)
 		unuse_mm(cur_mm);
 		mmput(cur_mm);
 	}
+	revert_creds(old_cred);
 }
 
 /*
@@ -2663,6 +2673,7 @@ static int io_sq_thread(void *data)
 {
 	struct io_ring_ctx *ctx = data;
 	struct mm_struct *cur_mm = NULL;
+	const struct cred *old_cred;
 	mm_segment_t old_fs;
 	DEFINE_WAIT(wait);
 	unsigned inflight;
@@ -2672,6 +2683,7 @@ static int io_sq_thread(void *data)
 
 	old_fs = get_fs();
 	set_fs(USER_DS);
+	old_cred = override_creds(ctx->creds);
 
 	timeout = inflight = 0;
 	while (!kthread_should_park()) {
@@ -2782,6 +2794,7 @@ static int io_sq_thread(void *data)
 		unuse_mm(cur_mm);
 		mmput(cur_mm);
 	}
+	revert_creds(old_cred);
 
 	kthread_parkme();
 
@@ -3567,6 +3580,8 @@ static void io_ring_ctx_free(struct io_ring_ctx *ctx)
 		io_unaccount_mem(ctx->user,
 				ring_pages(ctx->sq_entries, ctx->cq_entries));
 	free_uid(ctx->user);
+	if (ctx->creds)
+		put_cred(ctx->creds);
 	kfree(ctx);
 }
 
@@ -3838,6 +3853,12 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p)
 	ctx->account_mem = account_mem;
 	ctx->user = user;
 
+	ctx->creds = prepare_creds();
+	if (!ctx->creds) {
+		ret = -ENOMEM;
+		goto err;
+	}
+
 	ret = io_allocate_scq_urings(ctx, p);
 	if (ret)
 		goto err;

Re: io_uring stable additions

[Sasha Levin]

On Thu, Nov 28, 2019 at 04:40:38PM -0800, Jens Axboe wrote:
>Hi,
>
>I have a few commits that went into 5.5-rc that should go into stable. The
>first one is:
>
>commit 181e448d8709e517c9c7b523fcd209f24eb38ca7
>Author: Jens Axboe <axboe@kernel.dk>
>Date:   Mon Nov 25 08:52:30 2019 -0700
>
>    io_uring: async workers should inherit the user creds
>
>and I'm attaching a 5.4 port of this patch, since the one in 5.5 is built
>on top of new code. The 5.4 port will apply all the way back to 5.1 when
>io_uring was introduced.
>
>Secondly, these two (in order):
>
>commit 4257c8ca13b084550574b8c9a667d9c90ff746eb
>Author: Jens Axboe <axboe@kernel.dk>
>Date:   Mon Nov 25 14:27:34 2019 -0700
>
>    net: separate out the msghdr copy from ___sys_{send,recv}msg()
>
>and
>
>commit d69e07793f891524c6bbf1e75b9ae69db4450953
>Author: Jens Axboe <axboe@kernel.dk>
>Date:   Mon Nov 25 17:04:13 2019 -0700
>
>    net: disallow ancillary data for __sys_{send,recv}msg_file()
>
>should be applied to 5.3/5.4 stable as well. They might look like pure
>networking commits, but only io_uring uses the interface.
>
>These three fix important issues, which is why we need them in stable.

I've queued these three fixes to 5.4 and 5.3, thanks!

-- 
Thanks,
Sasha

Re: io_uring stable additions

[Jens Axboe]

On 11/29/19 11:52 AM, Sasha Levin wrote:
> On Thu, Nov 28, 2019 at 04:40:38PM -0800, Jens Axboe wrote:
>> Hi,
>>
>> I have a few commits that went into 5.5-rc that should go into stable. The
>> first one is:
>>
>> commit 181e448d8709e517c9c7b523fcd209f24eb38ca7
>> Author: Jens Axboe <axboe@kernel.dk>
>> Date:   Mon Nov 25 08:52:30 2019 -0700
>>
>>     io_uring: async workers should inherit the user creds
>>
>> and I'm attaching a 5.4 port of this patch, since the one in 5.5 is built
>> on top of new code. The 5.4 port will apply all the way back to 5.1 when
>> io_uring was introduced.
>>
>> Secondly, these two (in order):
>>
>> commit 4257c8ca13b084550574b8c9a667d9c90ff746eb
>> Author: Jens Axboe <axboe@kernel.dk>
>> Date:   Mon Nov 25 14:27:34 2019 -0700
>>
>>     net: separate out the msghdr copy from ___sys_{send,recv}msg()
>>
>> and
>>
>> commit d69e07793f891524c6bbf1e75b9ae69db4450953
>> Author: Jens Axboe <axboe@kernel.dk>
>> Date:   Mon Nov 25 17:04:13 2019 -0700
>>
>>     net: disallow ancillary data for __sys_{send,recv}msg_file()
>>
>> should be applied to 5.3/5.4 stable as well. They might look like pure
>> networking commits, but only io_uring uses the interface.
>>
>> These three fix important issues, which is why we need them in stable.
> 
> I've queued these three fixes to 5.4 and 5.3, thanks!

Thanks Sasha!

-- 
Jens Axboe