As described in a previous commit 998b30c3948e, current->io_uring could be NULL, and thus a NULL check is required for this variable. In the same way, other functions that access current->io_uring also require NULL checks of this variable.
Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>
---
 io_uring/io_uring.c | 3 ++-
 io_uring/io_uring.h | 3 +++
 io_uring/tctx.c | 9 ++++++++-
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 2ac1cd8d23ea..8075c0880c7a 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2406,7 +2406,8 @@ int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr)
 /* try again if it submitted nothing and can't allocate a req */
 if (!ret && io_req_cache_empty(ctx))
 ret = -EAGAIN;
- current->io_uring->cached_refs += left;
+ if (likely(current->io_uring))
+ current->io_uring->cached_refs += left;
 }
 io_submit_state_end(ctx);
diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h
index ab4b2a1c3b7e..398c7c2ba22b 100644
--- a/io_uring/io_uring.h
+++ b/io_uring/io_uring.h
@@ -362,6 +362,9 @@ static inline void io_get_task_refs(int nr)
 {
 struct io_uring_task *tctx = current->io_uring;
+ if (unlikely(!tctx))
+ return;
+
 tctx->cached_refs -= nr;
 if (unlikely(tctx->cached_refs < 0))
 io_task_refs_refill(tctx);
diff --git a/io_uring/tctx.c b/io_uring/tctx.c
index 4324b1cf1f6a..6574bbe82b5d 100644
--- a/io_uring/tctx.c
+++ b/io_uring/tctx.c
@@ -145,7 +145,8 @@ int __io_uring_add_tctx_node_from_submit(struct io_ring_ctx *ctx)
 if (ret)
 return ret;
- current->io_uring->last = ctx;
+ if (likely(current->io_uring))
+ current->io_uring->last = ctx;
 return 0;
 }
@@ -200,6 +201,9 @@ void io_uring_unreg_ringfd(void)
 struct io_uring_task *tctx = current->io_uring;
 int i;
+ if (unlikely(!tctx))
+ return;
+
 for (i = 0; i < IO_RINGFD_REG_MAX; i++) {
 if (tctx->registered_rings[i]) {
 fput(tctx->registered_rings[i]);
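Review bot: In io_submit_sqes the guard `if (likely(current->io_uring))` silently skips the `cached_refs += left` give-back, so a missing task context on the submit path goes unreported and the counter is simply left as it was. The pointer is also loaded twice, once for the test and once for the use, whereas the other hunks in this patch read it into a local first. I would write `struct io_uring_task *tctx = current->io_uring;` followed by `if (!WARN_ON_ONCE(!tctx)) tctx->cached_refs += left;`, or, if NULL is genuinely reachable, reject the submission at entry instead. The same silent skip appears in __io_uring_add_tctx_node_from_submit in tctx.c, which still returns 0 after not recording `->last`. Both functions extend beyond their hunks.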
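Review bot: The early return added to io_get_task_refs leaves the caller believing it holds `nr` task references when none were taken, because the helper returns void and gives no signal. That turns an immediate NULL-dereference oops into a possible reference-count imbalance later on, which is harder to detect and potentially worse for memory safety. I would establish the non-NULL invariant once in the caller, before any request is prepared, and fail the submission with an error there. If the check has to stay in the helper, make it visible with `if (WARN_ON_ONCE(!tctx)) return;` and add a comment on the function naming the path that can reach it without a task context. The function's closing lines are outside the hunk.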
@@ -259,6 +263,9 @@ int io_ringfd_register(struct io_ring_ctx *ctx, void __user *__arg,
 return ret;
 tctx = current->io_uring;
+ if (unlikely(!tctx))
+ return -EINVAL;
+
 for (i = 0; i < nr_args; i++) {
 int start, end;
-- 2.34.1
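Review bot: The new `-EINVAL` branch in io_ringfd_register comes right after a `return ret;` that tests an earlier call; that call is outside the hunk, but if it is the one that sets up the task context, `tctx` cannot be NULL here and the branch is dead code. If the branch is reachable, `-EINVAL` tells userspace its arguments were wrong when the real problem is missing task state, so an error code reflecting that would be easier to audit. Either way the check needs a comment such as `/* tctx can be NULL here when <call path>, see 998b30c3948e */` so the next reader can verify the claim. The function starts and ends outside the hunk.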