"zhangyi (F)" <yi.zhang@xxxxxxxxxx> writes:
> io_[p]getevents syscall should return -EINVAL if if timeout is out of
> range, add this validity check.
>
> Signed-off-by: zhangyi (F) <yi.zhang@xxxxxxxxxx>
> ---
> fs/aio.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/fs/aio.c b/fs/aio.c
> index 01e0fb9..dd967a0 100644
> --- a/fs/aio.c
> +++ b/fs/aio.c
> @@ -2031,10 +2031,17 @@ static long do_io_getevents(aio_context_t ctx_id,
> struct io_event __user *events,
> struct timespec64 *ts)
> {
> - ktime_t until = ts ? timespec64_to_ktime(*ts) : KTIME_MAX;
> - struct kioctx *ioctx = lookup_ioctx(ctx_id);
> + ktime_t until = KTIME_MAX;
> + struct kioctx *ioctx = NULL;
> long ret = -EINVAL;
>
> + if (ts) {
> + if (!timespec64_valid(ts))
> + return ret;
> + until = timespec64_to_ktime(*ts);
> + }
> +
> + ioctx = lookup_ioctx(ctx_id);
> if (likely(ioctx)) {
> if (likely(min_nr <= nr && min_nr >= 0))
> ret = read_events(ioctx, min_nr, nr, events, until);
Reviewed-by: Jeff Moyer <jmoyer@xxxxxxxxxx>
The previous suggestion[1] of fixing the helpers never materialized, so
let's just get this fixed, already.
-Jeff
[1] https://marc.info/?l=linux-fsdevel&m=152209450618587&w=2
