io_[p]getevents syscall should return -EINVAL if if timeout is out of range, add this validity check.

Signed-off-by: zhangyi (F) <yi.zhang@xxxxxxxxxx>
---
 fs/aio.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/fs/aio.c b/fs/aio.c
index 01e0fb9..dd967a0 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -2031,10 +2031,17 @@ static long do_io_getevents(aio_context_t ctx_id,
 struct io_event __user *events,
 struct timespec64 *ts)
 {
- ktime_t until = ts ? timespec64_to_ktime(*ts) : KTIME_MAX;
- struct kioctx *ioctx = lookup_ioctx(ctx_id);
+ ktime_t until = KTIME_MAX;
+ struct kioctx *ioctx = NULL;
 long ret = -EINVAL;
 
+ if (ts) {
+ if (!timespec64_valid(ts))
+ return ret;
+ until = timespec64_to_ktime(*ts);
+ }
+
+ ioctx = lookup_ioctx(ctx_id);
 if (likely(ioctx)) {
 if (likely(min_nr <= nr && min_nr >= 0))
 ret = read_events(ioctx, min_nr, nr, events, until);
-- 
2.7.4
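Review bot: The early exit `return ret;` inside the new `if (ts)` block yields -EINVAL only because of the `long ret = -EINVAL;` initializer above it; writing `return -EINVAL;` keeps the rejection code explicit and immune to a later change of that initializer. The `= NULL` on `struct kioctx *ioctx` is a dead store, since `ioctx = lookup_ioctx(ctx_id);` runs unconditionally before the first read, so a plain `struct kioctx *ioctx;` is enough. Validating the timeout before the lookup looks deliberate (presumably lookup_ioctx() takes a reference that an early return would otherwise have to drop), and a one-line comment such as `/* validate ts before lookup_ioctx() so the error path holds no ioctx reference */` would keep a later reorder from introducing a leak. The body of do_io_getevents continues past the end of the hunk, so the release of ioctx is not visible here.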