[SRU][F][PATCH v3 1/3] io_uring: remove extra check in __io_commit_cqring
Chengen Du
chengen.du at canonical.com
Mon Jan 6 04:15:40 UTC 2025
From: Pavel Begunkov <asml.silence at gmail.com>
CVE-2023-21400
BugLink: https://bugs.launchpad.net/bugs/2078659
__io_commit_cqring() is almost always called when there is a change in
the rings, so the check is rather pessimising.
Signed-off-by: Pavel Begunkov <asml.silence at gmail.com>
Signed-off-by: Jens Axboe <axboe at kernel.dk>
(cherry picked from commit 0791015837f1520dd72918355dcb1f1e79175255)
Signed-off-by: Chengen Du <chengen.du at canonical.com>
---
fs/io_uring.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 875dd8e0f766..f90b159bfc3a 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -512,14 +512,12 @@ static void __io_commit_cqring(struct io_ring_ctx *ctx)
{
struct io_rings *rings = ctx->rings;
- if (ctx->cached_cq_tail != READ_ONCE(rings->cq.tail)) {
- /* order cqe stores with ring update */
- smp_store_release(&rings->cq.tail, ctx->cached_cq_tail);
+ /* order cqe stores with ring update */
+ smp_store_release(&rings->cq.tail, ctx->cached_cq_tail);
- if (wq_has_sleeper(&ctx->cq_wait)) {
- wake_up_interruptible(&ctx->cq_wait);
- kill_fasync(&ctx->cq_fasync, SIGIO, POLL_IN);
- }
+ if (wq_has_sleeper(&ctx->cq_wait)) {
+ wake_up_interruptible(&ctx->cq_wait);
+ kill_fasync(&ctx->cq_fasync, SIGIO, POLL_IN);
}
}
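Review bot: With the "ctx->cached_cq_tail != READ_ONCE(rings->cq.tail)" guard removed at the top of __io_commit_cqring(), the wq_has_sleeper() block now runs on every call, so a call that publishes no new CQE can still wake cq_wait sleepers and raise SIGIO through kill_fasync(). The commit message only says the function is "almost always" called after a ring change, which leaves the remaining case unaddressed; please confirm that waiters recheck the ring after waking and that a spurious SIGIO is acceptable for fasync users. The message also presents this purely as an optimisation while the submission is tagged CVE-2023-21400, so a sentence stating why this patch is needed in the series (for example, as a prerequisite for a later patch) would make the backport easier to review.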
--
2.43.0