io_uring: fix openat/statx's filename leak

As in the previous patch, make openat*_prep() and statx_prep() handle double preparation to avoid resource leakage. Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Pavel Begunkov <asml.silence@gmail.com> 2020-02-08 13:28:03 +0300
committer: Jens Axboe <axboe@kernel.dk> 2020-02-08 13:07:00 -0700
commit: 0bdbdd08a8f991bdaee54465a168c0795ea5d28b (patch)
tree: d0203578fa0046d4452a4bd929b0cf0716b7886c /fs
parent: 5f798beaf35d79355cbf18019c1993a84475a2c3 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 097701782339..24ebd5714bf9 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2560,6 +2560,8 @@ static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 		return -EINVAL;
 	if (sqe->flags & IOSQE_FIXED_FILE)
 		return -EBADF;
+	if (req->flags & REQ_F_NEED_CLEANUP)
+		return 0;
 
 	req->open.dfd = READ_ONCE(sqe->fd);
 	req->open.how.mode = READ_ONCE(sqe->len);
@@ -2588,6 +2590,8 @@ static int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 		return -EINVAL;
 	if (sqe->flags & IOSQE_FIXED_FILE)
 		return -EBADF;
+	if (req->flags & REQ_F_NEED_CLEANUP)
+		return 0;
 
 	req->open.dfd = READ_ONCE(sqe->fd);
 	fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
@@ -2787,6 +2791,8 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 		return -EINVAL;
 	if (sqe->flags & IOSQE_FIXED_FILE)
 		return -EBADF;
+	if (req->flags & REQ_F_NEED_CLEANUP)
+		return 0;
 
 	req->open.dfd = READ_ONCE(sqe->fd);
 	req->open.mask = READ_ONCE(sqe->len);
author	Pavel Begunkov <asml.silence@gmail.com>	2020-02-08 13:28:03 +0300
committer	Jens Axboe <axboe@kernel.dk>	2020-02-08 13:07:00 -0700
commit	0bdbdd08a8f991bdaee54465a168c0795ea5d28b (patch)
tree	d0203578fa0046d4452a4bd929b0cf0716b7886c /fs
parent	5f798beaf35d79355cbf18019c1993a84475a2c3 (diff)