This is a note to let you know that I've just added the patch titled
io_uring/rsrc: use nospec'ed indexes
to the 6.3-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
io_uring-rsrc-use-nospec-ed-indexes.patch
and it can be found in the queue-6.3 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 8e3b92f3ba20f50228e2a5ecbb0ff05c0192ac9b
Author: Pavel Begunkov <asml.silence@xxxxxxxxx>
Date: Thu Apr 13 15:28:05 2023 +0100
io_uring/rsrc: use nospec'ed indexes
[ Upstream commit 953c37e066f05a3dca2d74643574b8dfe8a83983 ]
We use array_index_nospec() for registered buffer indexes, but don't use
it while poking into rsrc tags, fix that.
Fixes: 634d00df5e1cf ("io_uring: add full-fledged dynamic buffers support")
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
Link: https://lore.kernel.org/r/f02fafc5a9c0dd69be2b0618c38831c078232ff0.1681395792.git.asml.silence@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c
index 7a43aed8e395c..e6fec9e971eac 100644
--- a/io_uring/rsrc.c
+++ b/io_uring/rsrc.c
@@ -577,7 +577,7 @@ static int __io_sqe_buffers_update(struct io_ring_ctx *ctx,
}
ctx->user_bufs[i] = imu;
- *io_get_tag_slot(ctx->buf_data, offset) = tag;
+ *io_get_tag_slot(ctx->buf_data, i) = tag;
}
if (needs_switch)
