io_uring: Allocate only necessary memory in io_probe

We write at most IORING_OP_LAST entries in the probe buffer, so we don't
need to allocate temporary space for more than that.  As a side effect,
we no longer can overflow "size".

Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de>
Link: https://lore.kernel.org/r/20240619020620.5301-3-krisman@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/register.c b/io_uring/register.c
index e28cc226217cdb119863b3bf846dc8471356c0dc..e3c20be5a198033fbb2c1289f8b901068918bbff 100644 (file)
--- a/io_uring/register.c
+++ b/io_uring/register.c
@@ -39,9 +39,10 @@ static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg,
        size_t size;
        int i, ret;
 
+       if (nr_args > IORING_OP_LAST)
+               nr_args = IORING_OP_LAST;
+
        size = struct_size(p, ops, nr_args);
-       if (size == SIZE_MAX)
-               return -EOVERFLOW;
        p = kzalloc(size, GFP_KERNEL);
        if (!p)
                return -ENOMEM;
@@ -54,8 +55,6 @@ static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg,
                goto out;
 
        p->last_op = IORING_OP_LAST - 1;
-       if (nr_args > IORING_OP_LAST)
-               nr_args = IORING_OP_LAST;
 
        for (i = 0; i < nr_args; i++) {
                p->ops[i].op = i;