tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'io_uring-5.10-2020-11-27' of git://git.kernel.dk/linux-block

Pull io_uring fixes from Jens Axboe:

- Out of bounds fix for the cq size cap from earlier this release (Joseph)

- iov_iter type check fix (Pavel)

- Files grab + cancelation fix (Pavel)

* tag 'io_uring-5.10-2020-11-27' of git://git.kernel.dk/linux-block:
io_uring: fix files grab/cancel race
io_uring: fix ITER_BVEC check
io_uring: fix shift-out-of-bounds when round up cq size

Linus Torvalds 9223e74f d021c3e5

+20 -19
+20 -19
fs/io_uring.c
··· 1313 1313 return false; 1314 1314 req->work.flags |= IO_WQ_WORK_FSIZE; 1315 1315 } 1316 - 1317 - if (!(req->work.flags & IO_WQ_WORK_FILES) && 1318 - (def->work_flags & IO_WQ_WORK_FILES) && 1319 - !(req->flags & REQ_F_NO_FILE_TABLE)) { 1320 - if (id->files != current->files || 1321 - id->nsproxy != current->nsproxy) 1322 - return false; 1323 - atomic_inc(&id->files->count); 1324 - get_nsproxy(id->nsproxy); 1325 - req->flags |= REQ_F_INFLIGHT; 1326 - 1327 - spin_lock_irq(&ctx->inflight_lock); 1328 - list_add(&req->inflight_entry, &ctx->inflight_list); 1329 - spin_unlock_irq(&ctx->inflight_lock); 1330 - req->work.flags |= IO_WQ_WORK_FILES; 1331 - } 1332 1316 #ifdef CONFIG_BLK_CGROUP 1333 1317 if (!(req->work.flags & IO_WQ_WORK_BLKCG) && 1334 1318 (def->work_flags & IO_WQ_WORK_BLKCG)) { ··· 1353 1369 req->work.flags |= IO_WQ_WORK_CANCEL; 1354 1370 } 1355 1371 spin_unlock(&current->fs->lock); 1372 + } 1373 + if (!(req->work.flags & IO_WQ_WORK_FILES) && 1374 + (def->work_flags & IO_WQ_WORK_FILES) && 1375 + !(req->flags & REQ_F_NO_FILE_TABLE)) { 1376 + if (id->files != current->files || 1377 + id->nsproxy != current->nsproxy) 1378 + return false; 1379 + atomic_inc(&id->files->count); 1380 + get_nsproxy(id->nsproxy); 1381 + req->flags |= REQ_F_INFLIGHT; 1382 + 1383 + spin_lock_irq(&ctx->inflight_lock); 1384 + list_add(&req->inflight_entry, &ctx->inflight_list); 1385 + spin_unlock_irq(&ctx->inflight_lock); 1386 + req->work.flags |= IO_WQ_WORK_FILES; 1356 1387 } 1357 1388 1358 1389 return true; ··· 3192 3193 rw->free_iovec = iovec; 3193 3194 rw->bytes_done = 0; 3194 3195 /* can only be fixed buffers, no need to do anything */ 3195 - if (iter->type == ITER_BVEC) 3196 + if (iov_iter_is_bvec(iter)) 3196 3197 return; 3197 3198 if (!iovec) { 3198 3199 unsigned iov_off = 0; ··· 9251 9252 * to a power-of-two, if it isn't already. We do NOT impose 9252 9253 * any cq vs sq ring sizing. 9253 9254 */ 9254 - p->cq_entries = roundup_pow_of_two(p->cq_entries); 9255 - if (p->cq_entries < p->sq_entries) 9255 + if (!p->cq_entries) 9256 9256 return -EINVAL; 9257 9257 if (p->cq_entries > IORING_MAX_CQ_ENTRIES) { 9258 9258 if (!(p->flags & IORING_SETUP_CLAMP)) 9259 9259 return -EINVAL; 9260 9260 p->cq_entries = IORING_MAX_CQ_ENTRIES; 9261 9261 } 9262 + p->cq_entries = roundup_pow_of_two(p->cq_entries); 9263 + if (p->cq_entries < p->sq_entries) 9264 + return -EINVAL; 9262 9265 } else { 9263 9266 p->cq_entries = 2 * p->sq_entries; 9264 9267 }