diff options
| author | Gabriel Krisman Bertazi <krisman@suse.de> | 2024-06-18 22:06:19 -0400 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2024-06-19 08:58:00 -0600 |
| commit | 6bc9199d0c84f5cd72922223231c7708698059a2 (patch) | |
| tree | 8f2d7a800df33594bd35d424ea3d9dc7808989e5 /io_uring | |
| parent | 3e05b222382ec67dce7358d50b6006e91d028d8b (diff) | |
| download | linux-6bc9199d0c84f5cd72922223231c7708698059a2.tar.gz linux-6bc9199d0c84f5cd72922223231c7708698059a2.tar.bz2 linux-6bc9199d0c84f5cd72922223231c7708698059a2.zip | |
io_uring: Allocate only necessary memory in io_probe
We write at most IORING_OP_LAST entries in the probe buffer, so we don't
need to allocate temporary space for more than that. As a side effect,
we no longer can overflow "size".
Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de>
Link: https://lore.kernel.org/r/20240619020620.5301-3-krisman@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'io_uring')
| -rw-r--r-- | io_uring/register.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/io_uring/register.c b/io_uring/register.c index e28cc226217c..e3c20be5a198 100644 --- a/io_uring/register.c +++ b/io_uring/register.c @@ -39,9 +39,10 @@ static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg, size_t size; int i, ret; + if (nr_args > IORING_OP_LAST) + nr_args = IORING_OP_LAST; + size = struct_size(p, ops, nr_args); - if (size == SIZE_MAX) - return -EOVERFLOW; p = kzalloc(size, GFP_KERNEL); if (!p) return -ENOMEM; @@ -54,8 +55,6 @@ static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg, goto out; p->last_op = IORING_OP_LAST - 1; - if (nr_args > IORING_OP_LAST) - nr_args = IORING_OP_LAST; for (i = 0; i < nr_args; i++) { p->ops[i].op = i; |