io_uring: fail NOP if non-zero op flags is passed in

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Ming Lei <ming.lei@xxxxxxxxxx>

commit 3d8f874bd620ce03f75a5512847586828ab86544 upstream.

The NOP op flags should have been checked from beginning like any other
opcode, otherwise NOP may not be extended with the op flags.

Given both liburing and Rust io-uring crate always zeros SQE op flags, just
ignore users which play raw NOP uring interface without zeroing SQE, because
NOP is just for test purpose. Then we can save one NOP2 opcode.

Suggested-by: Jens Axboe <axboe@xxxxxxxxx>
Fixes: 2b188cc1bb85 ("Add io_uring IO interface")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20240510035031.78874-2-ming.lei@xxxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/io_uring.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2112,6 +2112,8 @@ static int __io_submit_sqe(struct io_rin
 
 	switch (req->submit.opcode) {
 	case IORING_OP_NOP:
+		if (READ_ONCE(s->sqe->rw_flags))
+			return -EINVAL;
 		ret = io_nop(req, req->user_data);
 		break;
 	case IORING_OP_READV:


Patches currently in stable-queue which might be from ming.lei@xxxxxxxxxx are

queue-5.4/io_uring-fail-nop-if-non-zero-op-flags-is-passed-in.patch




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux