On 12/9/24 23:43, Gabriel Krisman Bertazi wrote:
IORING_OP_EXEC runs only from a custom handler and cannot rely on
overloaded credentials. This commit adds infrastructure to allow running
operations without overloading the credentials, i.e. not enabling the
REQ_F_CREDS flag.
Signed-off-by: Gabriel Krisman Bertazi <krisman@xxxxxxx>
---
io_uring/io_uring.c | 2 +-
io_uring/opdef.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index a19f72755eaa..0fd8709401fc 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -457,7 +457,7 @@ static void io_prep_async_work(struct io_kiocb *req)
const struct io_issue_def *def = &io_issue_defs[req->opcode];
struct io_ring_ctx *ctx = req->ctx;
- if (!(req->flags & REQ_F_CREDS)) {
+ if (!(req->flags & REQ_F_CREDS) && !def->ignore_creds)
It's not the only place setting creds, see io_init_req().
--
Pavel Begunkov
