io_uring: fix openat/statx's filename leak

As in the previous patch, make openat*_prep() and statx_prep() handle
double preparation to avoid resource leakage.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 0977017..24ebd57 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2560,6 +2560,8 @@ static int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
                return -EINVAL;
        if (sqe->flags & IOSQE_FIXED_FILE)
                return -EBADF;
+       if (req->flags & REQ_F_NEED_CLEANUP)
+               return 0;
 
        req->open.dfd = READ_ONCE(sqe->fd);
        req->open.how.mode = READ_ONCE(sqe->len);
@@ -2588,6 +2590,8 @@ static int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
                return -EINVAL;
        if (sqe->flags & IOSQE_FIXED_FILE)
                return -EBADF;
+       if (req->flags & REQ_F_NEED_CLEANUP)
+               return 0;
 
        req->open.dfd = READ_ONCE(sqe->fd);
        fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
@@ -2787,6 +2791,8 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
                return -EINVAL;
        if (sqe->flags & IOSQE_FIXED_FILE)
                return -EBADF;
+       if (req->flags & REQ_F_NEED_CLEANUP)
+               return 0;
 
        req->open.dfd = READ_ONCE(sqe->fd);
        req->open.mask = READ_ONCE(sqe->len);