tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

io_uring: sanity check sizes before attempting allocation

It's a good practice to validate parameters before doing any heavy stuff
like queue allocations. Do that for io_allocate_scq_urings().

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

authored by

Pavel Begunkov and committed by
Jens Axboe 284306f6 12aced0a

+12 -16
+12 -16
io_uring/io_uring.c
··· 3609 3609 { 3610 3610 struct io_uring_region_desc rd; 3611 3611 struct io_rings *rings; 3612 - size_t size, sq_array_offset; 3613 - size_t sqe_size; 3612 + size_t sq_array_offset; 3613 + size_t sq_size, cq_size, sqe_size; 3614 3614 int ret; 3615 3615 3616 3616 /* make sure these are sane, as we already accounted them */ 3617 3617 ctx->sq_entries = p->sq_entries; 3618 3618 ctx->cq_entries = p->cq_entries; 3619 3619 3620 - size = rings_size(ctx->flags, p->sq_entries, p->cq_entries, 3620 + sqe_size = sizeof(struct io_uring_sqe); 3621 + if (p->flags & IORING_SETUP_SQE128) 3622 + sqe_size *= 2; 3623 + sq_size = array_size(sqe_size, p->sq_entries); 3624 + if (sq_size == SIZE_MAX) 3625 + return -EOVERFLOW; 3626 + cq_size = rings_size(ctx->flags, p->sq_entries, p->cq_entries, 3621 3627 &sq_array_offset); 3622 - if (size == SIZE_MAX) 3628 + if (cq_size == SIZE_MAX) 3623 3629 return -EOVERFLOW; 3624 3630 3625 3631 memset(&rd, 0, sizeof(rd)); 3626 - rd.size = PAGE_ALIGN(size); 3632 + rd.size = PAGE_ALIGN(cq_size); 3627 3633 if (ctx->flags & IORING_SETUP_NO_MMAP) { 3628 3634 rd.user_addr = p->cq_off.user_addr; 3629 3635 rd.flags |= IORING_MEM_REGION_TYPE_USER; ··· 3646 3640 rings->sq_ring_entries = p->sq_entries; 3647 3641 rings->cq_ring_entries = p->cq_entries; 3648 3642 3649 - sqe_size = sizeof(struct io_uring_sqe); 3650 - if (p->flags & IORING_SETUP_SQE128) 3651 - sqe_size *= 2; 3652 - 3653 - size = array_size(sqe_size, p->sq_entries); 3654 - if (size == SIZE_MAX) { 3655 - io_rings_free(ctx); 3656 - return -EOVERFLOW; 3657 - } 3658 - 3659 3643 memset(&rd, 0, sizeof(rd)); 3660 - rd.size = PAGE_ALIGN(size); 3644 + rd.size = PAGE_ALIGN(sq_size); 3661 3645 if (ctx->flags & IORING_SETUP_NO_MMAP) { 3662 3646 rd.user_addr = p->sq_off.user_addr; 3663 3647 rd.flags |= IORING_MEM_REGION_TYPE_USER;