linux/io_uring
Jens Axboe 1c47c0d601 io_uring/rsrc: ensure compat iovecs are copied correctly
For buffer registration (or updates), a userspace iovec is copied in
and updated. If the application is within a compat syscall, then the
iovec type is compat_iovec rather than iovec. However, the type used
in __io_sqe_buffers_update() and io_sqe_buffers_register() is always
struct iovec, and hence the source is incremented by the size of a
non-compat iovec in the loop. This misses every other iovec in the
source, and will run into garbage half way through the copies and
return -EFAULT to the application.

Maintain the source address separately and assign to our user vec
pointer, so that copies always happen from the right source address.

While in there, correct a bad placement of __user which triggered
the following sparse warning prior to this fix:

io_uring/rsrc.c:981:33: warning: cast removes address space '__user' of expression
io_uring/rsrc.c:981:30: warning: incorrect type in assignment (different address spaces)
io_uring/rsrc.c:981:30:    expected struct iovec const [noderef] __user *uvec
io_uring/rsrc.c:981:30:    got struct iovec *[noderef] __user

Fixes: f4eaf8eda8 ("io_uring/rsrc: Drop io_copy_iov in favor of iovec API")
Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2024-08-30 07:52:43 -06:00
advise.c io_uring/advise: support 64-bit lengths 2024-06-16 14:54:55 -06:00
advise.h
alloc_cache.h io_uring/alloc_cache: switch to array based caching 2024-04-15 08:10:25 -06:00
cancel.c io_uring: fix warnings on shadow variables 2024-04-15 08:10:26 -06:00
cancel.h io_uring: fix cancellation overwriting req->flags 2024-06-13 19:25:28 -06:00
epoll.c io_uring: undeprecate epoll_ctl support 2023-05-26 20:22:41 -06:00
epoll.h
eventfd.c io_uring/eventfd: move eventfd handling to separate file 2024-06-16 14:54:55 -06:00
eventfd.h io_uring/eventfd: move eventfd handling to separate file 2024-06-16 14:54:55 -06:00
fdinfo.c io_uring: fix warnings on shadow variables 2024-04-15 08:10:26 -06:00
fdinfo.h io_uring: move fdinfo helpers to its own file 2022-07-24 18:39:12 -06:00
filetable.c io_uring/filetable: don't unnecessarily clear/reset bitmap 2024-05-08 08:27:45 -06:00
filetable.h io_uring: expand main struct io_kiocb flags to 64-bits 2024-02-08 13:27:03 -07:00
fs.c
fs.h
futex.c io_uring/alloc_cache: switch to array based caching 2024-04-15 08:10:25 -06:00
futex.h io_uring/alloc_cache: switch to array based caching 2024-04-15 08:10:25 -06:00
io_uring.c io_uring/napi: pass ktime to io_napi_adjust_timeout 2024-07-26 08:31:59 -06:00
io_uring.h io_uring/napi: use ktime in busy polling 2024-07-26 08:31:59 -06:00
io-wq.c io_uring/io-wq: limit retrying worker initialisation 2024-07-11 01:51:44 -06:00
io-wq.h io_uring/io-wq: make io_wq_work flags atomic 2024-06-16 14:54:55 -06:00
kbuf.c io_uring/kbuf: sanitize peek buffer setup 2024-08-21 07:16:38 -06:00
kbuf.h io_uring/kbuf: add helpers for getting/peeking multiple buffers 2024-04-22 11:26:01 -06:00
Makefile io_uring/eventfd: move eventfd handling to separate file 2024-06-16 14:54:55 -06:00
memmap.c io_uring: don't attempt to mmap larger than what the user asks for 2024-05-29 09:53:14 -06:00
memmap.h io_uring: move mapping/allocation helpers to a separate file 2024-04-15 08:10:26 -06:00
msg_ring.c io_uring/msg_ring: fix uninitialized use of target_req->flags 2024-07-25 08:41:35 -06:00
msg_ring.h io_uring/msg_ring: add an alloc cache for io_kiocb entries 2024-06-24 08:39:55 -06:00
napi.c io_uring/napi: remove duplicate io_napi_entry timeout assignation 2024-08-12 12:11:42 -06:00
napi.h io_uring/napi: check napi_enabled in io_napi_add() before proceeding 2024-08-12 12:09:03 -06:00
net.c io_uring/net: don't pick multiple buffers for non-bundle send 2024-08-07 15:20:52 -06:00
net.h io_uring: Introduce IORING_OP_LISTEN 2024-06-19 07:57:21 -06:00
nop.c io_uring: support to inject result for NOP 2024-05-10 06:09:45 -06:00
nop.h io_uring: move nop into its own file 2022-07-24 18:39:11 -06:00
notif.c io_uring/notif: disable LAZY_WAKE for linked notifs 2024-04-30 13:06:27 -06:00
notif.h io_uring/notif: implement notification stacking 2024-04-22 19:31:18 -06:00
opdef.c io_uring: Fix probe of disabled operations 2024-06-19 08:58:00 -06:00
opdef.h io_uring: Fix probe of disabled operations 2024-06-19 08:58:00 -06:00
openclose.c
openclose.h
poll.c io_uring: keep multishot request NAPI timeout current 2024-07-30 06:18:58 -06:00
poll.h io_uring/poll: shrink alloc cache size to 32 2024-04-15 08:10:25 -06:00
refs.h io_uring: kill dead code in io_req_complete_post 2024-04-15 08:10:26 -06:00
register.c io_uring: Allocate only necessary memory in io_probe 2024-06-19 08:58:00 -06:00
register.h
rsrc.c io_uring/rsrc: ensure compat iovecs are copied correctly 2024-08-30 07:52:43 -06:00
rsrc.h io_uring: remove io_req_put_rsrc_locked() 2024-04-15 08:10:26 -06:00
rw.c fs: Initial atomic write support 2024-06-20 15:19:17 -06:00
rw.h io_uring/alloc_cache: switch to array based caching 2024-04-15 08:10:25 -06:00
slist.h
splice.c
splice.h
sqpoll.c io_uring/sqpoll: annotate debug task == current with data_race() 2024-08-13 06:10:59 -06:00
sqpoll.h io_uring/sqpoll: statistics of the true utilization of sq threads 2024-03-01 06:28:19 -07:00
statx.c vfs: retire user_path_at_empty and drop empty arg from getname_flags 2024-06-05 17:03:57 +02:00
statx.h
sync.c
sync.h
tctx.c
tctx.h
timeout.c io_uring: fix io_match_task must_hold 2024-07-24 08:01:49 -06:00
timeout.h
truncate.c io_uring: add support for ftruncate 2024-02-09 09:04:39 -07:00
truncate.h io_uring: add support for ftruncate 2024-02-09 09:04:39 -07:00
uring_cmd.c io_uring: simplify io_uring_cmd return 2024-07-24 08:01:49 -06:00
uring_cmd.h io_uring/alloc_cache: switch to array based caching 2024-04-15 08:10:25 -06:00
waitid.c io_uring: remove struct io_tw_state::locked 2024-04-15 08:10:24 -06:00
waitid.h
xattr.c vfs: retire user_path_at_empty and drop empty arg from getname_flags 2024-06-05 17:03:57 +02:00
xattr.h