Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
---
fs/io_uring.c | 16 ++++++++++++++++
include/uapi/linux/io_uring.h | 4 ++++
2 files changed, 20 insertions(+)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 7c165b2ce8e4..c37846bca863 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -882,6 +882,7 @@ struct io_defer_entry {
};
struct io_bpf_ctx {
+ struct io_uring_bpf_ctx u;
struct io_ring_ctx *ctx;
};
@@ -10482,6 +10483,15 @@ static bool io_bpf_is_valid_access(int off, int size,
const struct bpf_prog *prog,
struct bpf_insn_access_aux *info)
{
+ if (off < 0 || off >= sizeof(struct io_uring_bpf_ctx))
+ return false;
+ if (off % size != 0)
+ return false;
+
+ switch (off) {
+ case offsetof(struct io_uring_bpf_ctx, user_data):
+ return size == sizeof_field(struct io_uring_bpf_ctx, user_data);
+ }
return false;
}
@@ -10505,6 +10515,8 @@ static void io_bpf_run(struct io_kiocb *req, unsigned int issue_flags)
atomic_read(&req->task->io_uring->in_idle)))
goto done;
+ memset(&bpf_ctx.u, 0, sizeof(bpf_ctx.u));
+ bpf_ctx.u.user_data = req->user_data;
bpf_ctx.ctx = ctx;
prog = req->bpf.prog;
@@ -10591,6 +10603,10 @@ static int __init io_uring_init(void)
BUILD_BUG_SQE_ELEM(44, __s32, splice_fd_in);
BUILD_BUG_SQE_ELEM(48, __u16, cq_idx);
+ /* should be first, see io_bpf_is_valid_access() */
+ __BUILD_BUG_VERIFY_ELEMENT(struct io_bpf_ctx, 0,
+ struct io_uring_bpf_ctx, u);
+
BUILD_BUG_ON(sizeof(struct io_uring_files_update) !=
sizeof(struct io_uring_rsrc_update));
BUILD_BUG_ON(sizeof(struct io_uring_rsrc_update) >
diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h
index 25ab804670e1..d7b1713bcfb0 100644
--- a/include/uapi/linux/io_uring.h
+++ b/include/uapi/linux/io_uring.h
@@ -403,4 +403,8 @@ struct io_uring_getevents_arg {
__u64 ts;
};
+struct io_uring_bpf_ctx {
+ __u64 user_data;
+};
+
#endif
--
2.31.1
