If an operation's flag `needs_file` is set, the function io_req_set_file() calls io_file_get() to obtain a `struct file*`.
This fails for `O_PATH` file descriptors, because io_file_get() calls fget(), which rejects `O_PATH` file descriptors. To support `O_PATH`, fdget_raw() must be used (like path_init() in `fs/namei.c` does). This rejection causes io_req_set_file() to throw `-EBADF`. This breaks the operations `openat`, `openat2` and `statx`, where `O_PATH` file descriptors are commonly used.
This could be solved by adding support for `O_PATH` file descriptors with another `io_op_def` flag, but since those three operations don't need the `struct file*` but operate directly on the numeric file descriptors, the best solution here is to simply remove `needs_file` (and the accompanying flag `fd_non_reg`).
Signed-off-by: Max Kellermann <mk@cm4all.com>
Cc: stable@vger.kernel.org
---
 fs/io_uring.c | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c index a46de2cfc28e..d24f8e33323c 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -693,8 +693,6 @@ static const struct io_op_def io_op_defs[] = { .needs_file = 1, }, [IORING_OP_OPENAT] = { - .needs_file = 1, - .fd_non_neg = 1, .file_table = 1, .needs_fs = 1, }, @@ -708,8 +706,6 @@ static const struct io_op_def io_op_defs[] = { }, [IORING_OP_STATX] = { .needs_mm = 1, - .needs_file = 1, - .fd_non_neg = 1, .needs_fs = 1, }, [IORING_OP_READ] = { @@ -739,8 +735,6 @@ static const struct io_op_def io_op_defs[] = { .unbound_nonreg_file = 1, }, [IORING_OP_OPENAT2] = { - .needs_file = 1, - .fd_non_neg = 1, .file_table = 1, .needs_fs = 1, },
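Review bot: In the IORING_OP_STATX hunk, removing `.needs_file = 1` leaves the entry with only `.needs_mm = 1` and `.needs_fs = 1`, whereas IORING_OP_OPENAT and IORING_OP_OPENAT2 keep `.file_table = 1`. The commit message says these operations work directly on the numeric file descriptor, so statx now resolves its directory descriptor by number when the request executes. Please check whether the STATX entry needs `.file_table = 1` as well so that lookup happens against the submitter's file table, or say in the commit message why it does not.

Review bot: The commit message calls the accompanying flag `fd_non_reg`, but all three hunks remove `.fd_non_neg = 1`; the message should use the name that appears in the code. Since the patch is Cc'd to stable, a `Fixes:` tag naming the commit that set `needs_file` on these three opcodes would also tell the stable maintainers how far back it applies.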