io_uring: fix openat/openat2 unified prep handling

A previous commit unified how we handle prep for these two functions, but this means that we check the allowed context (SQPOLL, specifically) later than we should. Move the ring type checking into the two parent functions, instead of doing it after we've done some setup work. Fixes: ec65fea ("io_uring: deduplicate io_openat{,2}_prep()") Reported-by: Andy Lutomirski <[email protected]> Signed-off-by: Jens Axboe <[email protected]>
torvalds · Sep 21, 2020 · 4eb8dde · 4eb8dde
1 parent 6ca56f8
commit 4eb8dde
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/fs/io_uring.c b/fs/io_uring.c
@@ -3527,8 +3527,6 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe
  const char __user *fname;
  int ret;
 
- if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL|IORING_SETUP_SQPOLL)))
- return -EINVAL;
  if (unlikely(sqe->ioprio || sqe->buf_index))
  return -EINVAL;
  if (unlikely(req->flags & REQ_F_FIXED_FILE))
@@ -3555,6 +3553,8 @@ static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 {
  u64 flags, mode;
 
+ if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL|IORING_SETUP_SQPOLL)))
+ return -EINVAL;
  if (req->flags & REQ_F_NEED_CLEANUP)
  return 0;
  mode = READ_ONCE(sqe->len);
@@ -3569,6 +3569,8 @@ static int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
  size_t len;
  int ret;
 
+ if (unlikely(req->ctx->flags & (IORING_SETUP_IOPOLL|IORING_SETUP_SQPOLL)))
+ return -EINVAL;
  if (req->flags & REQ_F_NEED_CLEANUP)
  return 0;
  how = u64_to_user_ptr(READ_ONCE(sqe->addr2));