check file_slot early in io_accept_prep() to avoid wasted effort in failure cases.
Signed-off-by: Hao Xu <haoxu@xxxxxxxxxxxxxxxxx>
---
 fs/io_uring.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 30d959416eba..917271bd80c5 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -4868,6 +4868,8 @@ static int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 accept->nofile = rlimit(RLIMIT_NOFILE);
 accept->file_slot = READ_ONCE(sqe->file_index);
+ if (accept->file_slot - 1 >= req->ctx->nr_user_files)
+ return -EINVAL;
 if (accept->file_slot && ((req->open.how.flags & O_CLOEXEC) || (accept->flags & SOCK_CLOEXEC)))
 return -EINVAL;
--
2.24.4
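Review bot: The added bounds check runs even when `accept->file_slot` is 0, which the very next condition treats as "no fixed slot requested"; if `file_slot` and `nr_user_files` are unsigned (their declarations are outside this hunk), `file_slot - 1` wraps to the maximum value and every ordinary accept is rejected with -EINVAL. Guard it on a non-zero slot, e.g. `if (accept->file_slot && accept->file_slot - 1 >= req->ctx->nr_user_files)`. Because the index comes from a user-controlled SQE and the fixed-file table can presumably be resized between prep and issue, this early test should be commented as a fast-fail only, with the authoritative range check kept where the slot is actually installed. The body of io_accept_prep() starts and ends outside the hunk.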