author | Pavel Begunkov <asml.silence@gmail.com> | 2021-02-20 01:39:53 +0000 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2021-02-20 19:02:45 -0700 |
commit | ebf4a5db690a47e71056381ead8a134de7202694 (patch) | |
tree | cd9b8363a2fb5746232be481d088295b735821c7 /fs/io_uring.c | |
parent | 88f171ab7798a1ed0b9e39867ee16f307466e870 (diff) | |
io_uring: fix leaving invalid req->flags

sqe->flags are a subset of req flags, so incorrectly copied may span into
in-kernel flags and wreak havoc, e.g. by setting REQ_F_INFLIGHT.

Fixes: 5be9ad1e4287e ("io_uring: optimise io_init_req() flags setting")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs/io_uring.c')
-rw-r--r-- | fs/io_uring.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 5cc02226bb38..1501f20fde84 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -6679,8 +6679,10 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, req->result = 0; /* enforce forwards compatibility on users */ - if (unlikely(sqe_flags & ~SQE_VALID_FLAGS)) + if (unlikely(sqe_flags & ~SQE_VALID_FLAGS)) { + req->flags = 0; return -EINVAL; + } if (unlikely(req->opcode >= IORING_OP_LAST)) return -EINVAL; |
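Review bot: The added `req->flags = 0;` in the `sqe_flags & ~SQE_VALID_FLAGS` branch of io_init_req() carries no comment explaining why this error path has to clear the field, and the existing comment above it ("enforce forwards compatibility on users") only describes the check itself. A one-line comment saying that req->flags may already hold bits copied from sqe_flags that alias in-kernel flags such as REQ_F_INFLIGHT would stop a later cleanup from removing the reset as dead code. The hunk context does not show where req->flags is assigned; if that copy happens before this check, as the commit message implies, an alternative worth considering is to validate sqe_flags first and assign req->flags only afterwards, so invalid bits are never stored and no reset is needed on the -EINVAL return.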