Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
io_uring/rsrc: unify nospec indexing for direct descriptors

For file updates, the node reset isn't capping the value via
array_index_nospec() like the other paths do. Ensure it's all sane and
have the update path do the proper capping as well.

Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

+10 -2
+3
io_uring/rsrc.c
··· 238 238 continue; 239 239 240 240 i = up->offset + done; 241 + if (i >= ctx->file_table.data.nr) 242 + break; 243 + i = array_index_nospec(i, ctx->file_table.data.nr); 241 244 if (io_reset_rsrc_node(ctx, &ctx->file_table.data, i)) 242 245 io_file_bitmap_clear(&ctx->file_table, i); 243 246
+7 -2
io_uring/rsrc.h
··· 109 109 } 110 110 111 111 static inline bool io_reset_rsrc_node(struct io_ring_ctx *ctx, 112 - struct io_rsrc_data *data, int index) 112 + struct io_rsrc_data *data, 113 + unsigned int index) 113 114 { 114 - struct io_rsrc_node *node = data->nodes[index]; 115 + struct io_rsrc_node *node; 115 116 117 + if (index >= data->nr) 118 + return false; 119 + index = array_index_nospec(index, data->nr); 120 + node = data->nodes[index]; 116 121 if (!node) 117 122 return false; 118 123 io_put_rsrc_node(ctx, node);
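Review bot: In io_uring/rsrc.c, the new `if (i >= ctx->file_table.data.nr) break;` leaves the loop without any error being set in the visible lines, so an out-of-range `up->offset + done` would end the update early and could look like a short but successful one. If an earlier range check in this function already makes the condition unreachable, say so in a comment; otherwise set an error code before the `break`. The clamp itself is worth keeping at the call site even though io_reset_rsrc_node() now clamps internally, because the same `i` is passed to io_file_bitmap_clear() on the following line.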
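Review bot: In io_uring/rsrc.h, io_reset_rsrc_node() now returns false both when `index >= data->nr` and when the slot is empty (`!node`), so callers cannot tell a rejected index from an unused entry. That is fine if every caller treats false as "nothing to clear", but the helper should carry a short comment stating that it validates and clamps `index` itself, and that false covers the out-of-range case. Changing the parameter to `unsigned int` is the right move, since a negative value from a caller now fails the bounds check instead of indexing `data->nodes[]`; check that the callers' index variables are unsigned as well so the conversion is not hidden at the call site.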