authorPavel Begunkov <asml.silence@gmail.com>2020-05-26 20:34:04 +0300
committerJens Axboe <axboe@kernel.dk>2020-05-26 13:31:08 -0600
commit56080b02ed6e71fbc0add2d05a32ed7361dd736a (patch)
treeeee46aaa4bfcdd116a1fc9aae33acf97478145e9 /fs
parent733f5c95e6fdabd05b8dfc15e04512809c9652c2 (diff)
io_uring: don't re-read sqe->off in timeout_prep()
SQEs are user-writable, so don't read sqe->off twice in io_timeout_prep().

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs')
-rw-r--r--fs/io_uring.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 4be8f9eb71e4..f888b20d0a68 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -4803,18 +4803,19 @@ static int io_timeout_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe,
{
struct io_timeout_data *data;
unsigned flags;
+ u32 off = READ_ONCE(sqe->off);
if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
return -EINVAL;
if (sqe->ioprio || sqe->buf_index || sqe->len != 1)
return -EINVAL;
- if (sqe->off && is_timeout_link)
+ if (off && is_timeout_link)
return -EINVAL;
flags = READ_ONCE(sqe->timeout_flags);
if (flags & ~IORING_TIMEOUT_ABS)
return -EINVAL;
- req->timeout.count = READ_ONCE(sqe->off);
+ req->timeout.count = off;
if (!req->io && io_alloc_async_ctx(req))
return -ENOMEM;
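Review bot: Declaring the snapshot as `u32 off` narrows the `if (off && is_timeout_link)` check to the low 32 bits, assuming `sqe->off` is the 64-bit `__u64` field of the uapi `struct io_uring_sqe` (its declaration is not visible in this hunk). The removed line tested the full value, so a linked timeout whose offset has only upper bits set would previously have been rejected with -EINVAL and would now pass validation as if the offset were 0. Taking the snapshot at full width, `u64 off = READ_ONCE(sqe->off);`, keeps the single read and the original strictness, and the assignment to `req->timeout.count` then behaves exactly as it did before the change. A short comment on the declaration, such as `/* SQE is user-writable: read off once so the check and the stored count agree */`, would also record why the value is cached. The body of io_timeout_prep() continues past the end of the hunk.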