Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
io_uring/rw: add defensive hardening for negative kbuf lengths
No real bug here, just being a bit defensive in ensuring that whatever
gets passed into io_put_kbuf() is always >= 0 and not some random error
value.
Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
+2
-2
+2
-2
io_uring/rw.c
+2
-2
io_uring/rw.c
···
580
580
io_req_io_end(req);
581
581
582
582
if (req->flags & (REQ_F_BUFFER_SELECTED|REQ_F_BUFFER_RING))
583
-
req->cqe.flags |= io_put_kbuf(req, req->cqe.res, NULL);
583
+
req->cqe.flags |= io_put_kbuf(req, max(req->cqe.res, 0), NULL);
584
584
585
585
io_req_rw_cleanup(req, 0);
586
586
io_req_task_complete(tw_req, tw);
···
1379
1379
list_del(&req->iopoll_node);
1380
1380
wq_list_add_tail(&req->comp_list, &ctx->submit_state.compl_reqs);
1381
1381
nr_events++;
1382
-
req->cqe.flags = io_put_kbuf(req, req->cqe.res, NULL);
1382
+
req->cqe.flags = io_put_kbuf(req, max(req->cqe.res, 0), NULL);
1383
1383
if (!io_is_uring_cmd(req))
1384
1384
io_req_rw_cleanup(req, 0);
1385
1385
}