aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Begunkov2023-01-20 16:38:06 +0000
committerGreg Kroah-Hartman2023-02-01 08:34:35 +0100
commitc932501bc232985f2c5580f52cc9a799e168900b (patch)
treeebd9409248e1d308694d9ceba3c204d2b8975c1b
parent3964b0c2e843334858da99db881859faa4df241d (diff)
io_uring/msg_ring: fix remote queue to disabled ring
commit 8579538c89e33ce78be2feb41e07489c8cbf8f31 upstream. IORING_SETUP_R_DISABLED rings don't have the submitter task set, so it's not always safe to use ->submitter_task. Disallow posting msg_ring messaged to disabled rings. Also add task NULL check for loosy sync around testing for IORING_SETUP_R_DISABLED. Cc: stable@vger.kernel.org Fixes: 6d043ee1164ca ("io_uring: do msg_ring in target task via tw") Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--io_uring/msg_ring.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c
index a49ccab262d5..7d5b544cfc30 100644
--- a/io_uring/msg_ring.c
+++ b/io_uring/msg_ring.c
@@ -30,6 +30,8 @@ static int io_msg_ring_data(struct io_kiocb *req)
if (msg->src_fd || msg->dst_fd || msg->flags)
return -EINVAL;
+ if (target_ctx->flags & IORING_SETUP_R_DISABLED)
+ return -EBADFD;
if (io_post_aux_cqe(target_ctx, msg->user_data, msg->len, 0, true))
return 0;
@@ -84,6 +86,8 @@ static int io_msg_send_fd(struct io_kiocb *req, unsigned int issue_flags)
if (target_ctx == ctx)
return -EINVAL;
+ if (target_ctx->flags & IORING_SETUP_R_DISABLED)
+ return -EBADFD;
ret = io_double_lock_ctx(ctx, target_ctx, issue_flags);
if (unlikely(ret))