io_uring: abort file assignment prior to assigning creds

We need to either restore creds properly if we fail on the file assignment, or just do the file assignment first instead. Let's do the latter as it's simpler, should make no difference here for file assignment. Link: https://lore.kernel.org/lkml/000000000000a7edb305dca75a50@google.com/ Reported-by: syzbot+60c52ca98513a8760a91@syzkaller.appspotmail.com Fixes: 6bf9c47a ("io_uring: defer file assignment") Signed-off-by: Jens Axboe <axboe@kernel.dk>

io_uring: abort file assignment prior to assigning creds
We need to either restore creds properly if we fail on the file assignment, or just do the file assignment first instead. Let's do the latter as it's simpler, should make no difference here for file assignment. Link: https://lore.kernel.org/lkml/000000000000a7edb305dca75a50@google.com/ Reported-by: syzbot+60c52ca98513a8760a91@syzkaller.appspotmail.com Fixes: 6bf9c47a ("io_uring: defer file assignment") Signed-off-by: Jens Axboe <axboe@kernel.dk>
70152140 · Jens Axboe · 7179c3ce · 70152140
Commit 70152140 authored Apr 14, 2022 by Jens Axboe
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

fs/io_uring.c fs/io_uring.c +3 -2

No files found.
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7111,13 +7111,14 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 	const struct cred *creds = NULL;
 	int ret;

+	if (unlikely(!io_assign_file(req, issue_flags)))
+		return -EBADF;
+
 	if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred()))
 		creds = override_creds(req->creds);

 	if (!io_op_defs[req->opcode].audit_skip)
 		audit_uring_entry(req->opcode);
-	if (unlikely(!io_assign_file(req, issue_flags)))
-		return -EBADF;

 	switch (req->opcode) {
 	case IORING_OP_NOP: