Commit aa35dd6b authored Mar 31, 2026 by Jens Axboe

io_uring/bpf_filters: retain COW'ed settings on parse failures

If io_parse_restrictions() fails, it ends up clearing any restrictions
currently set. The intent is only to clear whatever it already applied,
but it ends up clearing everything, including whatever settings may have
been applied in a copy-on-write fashion already. Ensure that those are
retained.

Link: https://lore.kernel.org/io-uring/CAK8a0jzF-zaO5ZmdOrmfuxrhXuKg5m5+RDuO7tNvtj=kUYbW7Q@mail.gmail.com/

Reported-by: antonius <bluedragonsec2023@gmail.com>
Fixes: ed82f35b ("io_uring: allow registration of per-task restrictions")
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent 61a11cf4

io_uring/register.c

+9 −1

Original line number	Diff line number	Diff line
		@@ -178,9 +178,17 @@ static __cold int io_register_restrictions(struct io_ring_ctx *ctx,
		return -EBUSY;

		ret = io_parse_restrictions(arg, nr_args, &ctx->restrictions);
		/* Reset all restrictions if an error happened */
		/*
		* Reset all restrictions if an error happened, but retain any COW'ed
		* settings.
		*/
		if (ret < 0) {
		struct io_bpf_filters *bpf = ctx->restrictions.bpf_filters;
		bool cowed = ctx->restrictions.bpf_filters_cow;

		memset(&ctx->restrictions, 0, sizeof(ctx->restrictions));
		ctx->restrictions.bpf_filters = bpf;
		ctx->restrictions.bpf_filters_cow = cowed;
		return ret;
		}
		if (ctx->restrictions.op_registered)