mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-01 10:43:43 +00:00
io_uring-6.11-20240823
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmbIpcwQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgps7jD/4g85GgoO/xLkVHNuV3ZMrDXtgwg3Cuxl2j 26L6vK9ROmKPOdnR1uHHMl7go9N8Vf5mwLvnkON4oMvcOEzAmIyrMrbflYzBslxn nxDP/sCqPHFeiAnH+TscKU7eydaSP39ot/+EIDT3mqegjCkhovMofo1cHtesBxVc aOZk0QvOlg/ME8x1PKFRxdTur0s5kaihlyvI/tOumBORe4FkYSTi5hEntRbL0CSi qTniyPemqQhBPu4CETAzmE4W1YfRoHiSMdh2lsToiHjPAIr5chBnYYljVzeyvyDn Y5ZYrmZbsgaDNPaS0joRpwPcS/j+mWSlLt218SMl9L9E0jLlhVQ2tRcYlzsEEqtG uwwHsJ6qYUvhsoFDOqfMJyhJLQeFtegK2w4xkiJKPaWHARQ985ggWSKzaTMCTbpW 5/mgk84I6diZQSFWgTywPwW0Wh+t/bW0mHngRQjPDxa6ZlJeAHoH59PZlzON/Kst Tt+tphM3xCoKSJV4YsZLDx3qrWPumqa3ktsj4RqBxsysjzQUkSgF50XimuwyZjaL nHMeBud4cIN3U4BlH0B6JcfYOKqgWRBSGxysySq7Qh4Dhe1S4dm6r7I1+BZGLhlV imcZVo5QYxXVZHhiOx5nxLlygd17vfBzF+mMSFPdnkPZe4O9UVVsh2/2Vv7rB7s+ SSSkXHkuqg== =vmbf -----END PGP SIGNATURE----- Merge tag 'io_uring-6.11-20240823' of git://git.kernel.dk/linux Pull io_uring fix from Jens Axboe: "Just a single fix for provided buffer validation" * tag 'io_uring-6.11-20240823' of git://git.kernel.dk/linux: io_uring/kbuf: sanitize peek buffer setup
This commit is contained in:
Linus Torvalds
commit
489270f44c
@ -218,10 +218,13 @@ static int io_ring_buffers_peek(struct io_kiocb *req, struct buf_sel_arg *arg,
|
||||
|
||||
buf = io_ring_head_to_buf(br, head, bl->mask);
|
||||
if (arg->max_len) {
|
||||
int needed;
|
||||
u32 len = READ_ONCE(buf->len);
|
||||
size_t needed;
|
||||
|
||||
needed = (arg->max_len + buf->len - 1) / buf->len;
|
||||
needed = min(needed, PEEK_MAX_IMPORT);
|
||||
if (unlikely(!len))
|
||||
return -ENOBUFS;
|
||||
needed = (arg->max_len + len - 1) / len;
|
||||
needed = min_not_zero(needed, (size_t) PEEK_MAX_IMPORT);
|
||||
if (nr_avail > needed)
|
||||
nr_avail = needed;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user