mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-03-16 04:04:06 +00:00
io_uring: add ->splice_fd_in checks
commit 26578cda3d upstream.
->splice_fd_in is used only by splice/tee, but no other request checks
it for validity. Add the check for most of request types excluding
reads/writes/sends/recvs, we don't want overhead for them and can leave
them be as is until the field is actually used.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/f44bc2acd6777d932de3d71a5692235b5b2b7397.1629451684.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Pavel Begunkov
Greg Kroah-Hartman
parent
3e433e671e
commit
87ed36bed9
1 changed files with 30 additions and 22 deletions
|
|
@ -3484,7 +3484,7 @@ static int io_renameat_prep(struct io_kiocb *req,
|
|||
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->buf_index)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (unlikely(req->flags & REQ_F_FIXED_FILE))
|
||||
return -EBADF;
|
||||
|
|
@ -3535,7 +3535,8 @@ static int io_unlinkat_prep(struct io_kiocb *req,
|
|||
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index)
|
||||
if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index ||
|
||||
sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (unlikely(req->flags & REQ_F_FIXED_FILE))
|
||||
return -EBADF;
|
||||
|
|
@ -3581,8 +3582,8 @@ static int io_shutdown_prep(struct io_kiocb *req,
|
|||
#if defined(CONFIG_NET)
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags ||
|
||||
sqe->buf_index)
|
||||
if (unlikely(sqe->ioprio || sqe->off || sqe->addr || sqe->rw_flags ||
|
||||
sqe->buf_index || sqe->splice_fd_in))
|
||||
return -EINVAL;
|
||||
|
||||
req->shutdown.how = READ_ONCE(sqe->len);
|
||||
|
|
@ -3730,7 +3731,8 @@ static int io_fsync_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
|||
|
||||
if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index))
|
||||
if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index ||
|
||||
sqe->splice_fd_in))
|
||||
return -EINVAL;
|
||||
|
||||
req->sync.flags = READ_ONCE(sqe->fsync_flags);
|
||||
|
|
@ -3763,7 +3765,8 @@ static int io_fsync(struct io_kiocb *req, unsigned int issue_flags)
|
|||
static int io_fallocate_prep(struct io_kiocb *req,
|
||||
const struct io_uring_sqe *sqe)
|
||||
{
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->rw_flags)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->rw_flags ||
|
||||
sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
|
|
@ -3794,7 +3797,7 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe
|
|||
const char __user *fname;
|
||||
int ret;
|
||||
|
||||
if (unlikely(sqe->ioprio || sqe->buf_index))
|
||||
if (unlikely(sqe->ioprio || sqe->buf_index || sqe->splice_fd_in))
|
||||
return -EINVAL;
|
||||
if (unlikely(req->flags & REQ_F_FIXED_FILE))
|
||||
return -EBADF;
|
||||
|
|
@ -3918,7 +3921,8 @@ static int io_remove_buffers_prep(struct io_kiocb *req,
|
|||
struct io_provide_buf *p = &req->pbuf;
|
||||
u64 tmp;
|
||||
|
||||
if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off)
|
||||
if (sqe->ioprio || sqe->rw_flags || sqe->addr || sqe->len || sqe->off ||
|
||||
sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
tmp = READ_ONCE(sqe->fd);
|
||||
|
|
@ -3989,7 +3993,7 @@ static int io_provide_buffers_prep(struct io_kiocb *req,
|
|||
struct io_provide_buf *p = &req->pbuf;
|
||||
u64 tmp;
|
||||
|
||||
if (sqe->ioprio || sqe->rw_flags)
|
||||
if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
tmp = READ_ONCE(sqe->fd);
|
||||
|
|
@ -4076,7 +4080,7 @@ static int io_epoll_ctl_prep(struct io_kiocb *req,
|
|||
const struct io_uring_sqe *sqe)
|
||||
{
|
||||
#if defined(CONFIG_EPOLL)
|
||||
if (sqe->ioprio || sqe->buf_index)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
|
|
@ -4122,7 +4126,7 @@ static int io_epoll_ctl(struct io_kiocb *req, unsigned int issue_flags)
|
|||
static int io_madvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
||||
{
|
||||
#if defined(CONFIG_ADVISE_SYSCALLS) && defined(CONFIG_MMU)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->off)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->off || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
|
|
@ -4157,7 +4161,7 @@ static int io_madvise(struct io_kiocb *req, unsigned int issue_flags)
|
|||
|
||||
static int io_fadvise_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
||||
{
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->addr)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->addr || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
|
|
@ -4195,7 +4199,7 @@ static int io_statx_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
|||
{
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->buf_index)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (req->flags & REQ_F_FIXED_FILE)
|
||||
return -EBADF;
|
||||
|
|
@ -4231,7 +4235,7 @@ static int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
|||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->off || sqe->addr || sqe->len ||
|
||||
sqe->rw_flags || sqe->buf_index)
|
||||
sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (req->flags & REQ_F_FIXED_FILE)
|
||||
return -EBADF;
|
||||
|
|
@ -4292,7 +4296,8 @@ static int io_sfr_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
|||
|
||||
if (unlikely(ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index))
|
||||
if (unlikely(sqe->addr || sqe->ioprio || sqe->buf_index ||
|
||||
sqe->splice_fd_in))
|
||||
return -EINVAL;
|
||||
|
||||
req->sync.off = READ_ONCE(sqe->off);
|
||||
|
|
@ -4719,7 +4724,7 @@ static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
|||
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->len || sqe->buf_index)
|
||||
if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
accept->addr = u64_to_user_ptr(READ_ONCE(sqe->addr));
|
||||
|
|
@ -4767,7 +4772,8 @@ static int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
|
|||
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags)
|
||||
if (sqe->ioprio || sqe->len || sqe->buf_index || sqe->rw_flags ||
|
||||
sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr));
|
||||
|
|
@ -5375,7 +5381,7 @@ static int io_poll_update_prep(struct io_kiocb *req,
|
|||
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->buf_index)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
flags = READ_ONCE(sqe->len);
|
||||
if (flags & ~(IORING_POLL_UPDATE_EVENTS | IORING_POLL_UPDATE_USER_DATA |
|
||||
|
|
@ -5610,7 +5616,7 @@ static int io_timeout_remove_prep(struct io_kiocb *req,
|
|||
return -EINVAL;
|
||||
if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->len)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->len || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
tr->addr = READ_ONCE(sqe->addr);
|
||||
|
|
@ -5669,7 +5675,8 @@ static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe,
|
|||
|
||||
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->len != 1)
|
||||
if (sqe->ioprio || sqe->buf_index || sqe->len != 1 ||
|
||||
sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
if (off && is_timeout_link)
|
||||
return -EINVAL;
|
||||
|
|
@ -5820,7 +5827,8 @@ static int io_async_cancel_prep(struct io_kiocb *req,
|
|||
return -EINVAL;
|
||||
if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags)
|
||||
if (sqe->ioprio || sqe->off || sqe->len || sqe->cancel_flags ||
|
||||
sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
req->cancel.addr = READ_ONCE(sqe->addr);
|
||||
|
|
@ -5877,7 +5885,7 @@ static int io_rsrc_update_prep(struct io_kiocb *req,
|
|||
{
|
||||
if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
|
||||
return -EINVAL;
|
||||
if (sqe->ioprio || sqe->rw_flags)
|
||||
if (sqe->ioprio || sqe->rw_flags || sqe->splice_fd_in)
|
||||
return -EINVAL;
|
||||
|
||||
req->rsrc_update.offset = READ_ONCE(sqe->off);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue