authorPavel Begunkov <asml.silence@gmail.com>2021-02-20 01:39:53 +0000
committerJens Axboe <axboe@kernel.dk>2021-02-20 19:02:45 -0700
commitebf4a5db690a47e71056381ead8a134de7202694 (patch)
treecd9b8363a2fb5746232be481d088295b735821c7
parent88f171ab7798a1ed0b9e39867ee16f307466e870 (diff)
io_uring: fix leaving invalid req->flags
sqe->flags are a subset of req flags, so incorrectly copied flags may span into in-kernel flags and wreak havoc, e.g. by setting REQ_F_INFLIGHT. Fixes: 5be9ad1e4287e ("io_uring: optimise io_init_req() flags setting") Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
-rw-r--r--fs/io_uring.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 5cc02226bb38..1501f20fde84 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -6679,8 +6679,10 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
req->result = 0;
/* enforce forwards compatibility on users */
- if (unlikely(sqe_flags & ~SQE_VALID_FLAGS))
+ if (unlikely(sqe_flags & ~SQE_VALID_FLAGS)) {
+ req->flags = 0;
return -EINVAL;
+ }
if (unlikely(req->opcode >= IORING_OP_LAST))
return -EINVAL;
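Review bot: The added `req->flags = 0;` in the SQE_VALID_FLAGS branch carries no comment, and nothing in the hunk shows why a failing request needs its flags cleared. Going by the commit message, the userspace-supplied sqe->flags have already been copied into req->flags by this point, so bits outside SQE_VALID_FLAGS can alias in-kernel flags such as REQ_F_INFLIGHT when the request is torn down; I would add `/* invalid sqe bits may alias in-kernel REQ_F_* flags, drop them before failing */` above the assignment. The copy itself sits earlier in io_init_req, outside this hunk, so this is inferred, but validating sqe_flags before storing them in req->flags would presumably avoid req->flags ever holding unvalidated bits and make the reset unnecessary. The opcode check below returns with req->flags untouched, which looks fine because the flags have passed the mask by then.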