From: Max Kellermann mk@cm4all.com
Based on commit 63ff822358b276137059520cf16e587e8073e80f upstream.
If an operation's flag `needs_file` is set, the function io_req_set_file() calls io_file_get() to obtain a `struct file*`.
This fails for `O_PATH` file descriptors, because io_file_get() calls fget(), which rejects `O_PATH` file descriptors. To support `O_PATH`, fdget_raw() must be used (like path_init() in `fs/namei.c` does). This rejection causes io_req_set_file() to throw `-EBADF`. This breaks the operations `openat`, `openat2` and `statx`, where `O_PATH` file descriptors are commonly used.
This could be solved by adding support for `O_PATH` file descriptors with another `io_op_def` flag, but since those three operations don't need the `struct file*` but operate directly on the numeric file descriptors, the best solution here is to simply remove `needs_file` (and the accompanying flag `fd_non_reg`).
Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann mk@cm4all.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/io_uring.c | 6 ------ 1 file changed, 6 deletions(-)
--- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -696,8 +696,6 @@ static const struct io_op_def io_op_defs .needs_file = 1, }, [IORING_OP_OPENAT] = { - .needs_file = 1, - .fd_non_neg = 1, .file_table = 1, .needs_fs = 1, }, @@ -711,8 +709,6 @@ static const struct io_op_def io_op_defs }, [IORING_OP_STATX] = { .needs_mm = 1, - .needs_file = 1, - .fd_non_neg = 1, .needs_fs = 1, .file_table = 1, }, @@ -743,8 +739,6 @@ static const struct io_op_def io_op_defs .unbound_nonreg_file = 1, }, [IORING_OP_OPENAT2] = { - .needs_file = 1, - .fd_non_neg = 1, .file_table = 1, .needs_fs = 1, },