IORING_OP_EXEC runs only from a custom handler and cannot rely on
overloaded credentials. This commit adds infrastructure to allow running
operations without overloading the credentials, i.e. not enabling the
REQ_F_CREDS flag.
Signed-off-by: Gabriel Krisman Bertazi <krisman@xxxxxxx>
---
io_uring/io_uring.c | 2 +-
io_uring/opdef.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index a19f72755eaa..0fd8709401fc 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -457,7 +457,7 @@ static void io_prep_async_work(struct io_kiocb *req)
const struct io_issue_def *def = &io_issue_defs[req->opcode];
struct io_ring_ctx *ctx = req->ctx;
- if (!(req->flags & REQ_F_CREDS)) {
+ if (!(req->flags & REQ_F_CREDS) && !def->ignore_creds) {
req->flags |= REQ_F_CREDS;
req->creds = get_current_cred();
}
diff --git a/io_uring/opdef.h b/io_uring/opdef.h
index 14456436ff74..94e9a2e3c028 100644
--- a/io_uring/opdef.h
+++ b/io_uring/opdef.h
@@ -27,6 +27,8 @@ struct io_issue_def {
unsigned iopoll_queue : 1;
/* vectored opcode, set if 1) vectored, and 2) handler needs to know */
unsigned vectored : 1;
+ /* io_uring must not overload credentials on async context. */
+ unsigned ignore_creds : 1;
/* size of async data needed, if any */
unsigned short async_size;
--
2.47.0
