Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp780989pxb; Tue, 12 Apr 2022 13:17:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxgoTDffLkbNE/uQ4nxvjAuLjazIy2wcDDJO0x0lnlCg3EwiQT0vtNiCCaDSUIKbIc1Mdq4 X-Received: by 2002:a63:d342:0:b0:381:fd6f:4792 with SMTP id u2-20020a63d342000000b00381fd6f4792mr31412076pgi.101.1649794625379; Tue, 12 Apr 2022 13:17:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649794625; cv=none; d=google.com; s=arc-20160816; b=F/CivHIFfgqnH0uu1mmJRc167sNS59lJn9wCThdgJX3EBrdAEKWrN2xDvEFVdXt4IT nJiwZVkfpeyQ+fb4VNElR6AdQ2wT0YUUFnXuuAM05MAnbewz4VnIxZJh2QGYYMY1R3gY DH85bIlA6T7JboMkPB/THI1rGmMNqmUI1uFlXtD0KVMlExiZehG0pO4xOT6JFNYjF/FN GdLojvYqQ/DKZNNJfI2htXd/MRlcCOlM2Q9WNCTO6d8MCyK5PshGEj6wkh0E7HhZMOGX g3m22CDvJjU46geJnKNj3FZMTxAd0ALYXcnHAKoI4bn4mcht3jsmAnybYUV6W0raRhNM NFLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jpJLwlCd/Lo6d9EOp1tU7k+L8lqn56Qe1VGs4ldSBt0=; b=Eg57nB5NY8ReJbFKZoEy0Dy4oAtOr6u8JecLAJDuU//cw5aFwIhSOHrTyhryasX+vE t3pCSy3fOsaonWQN27X8WkuxVvxW3TSjSqufAQpS1+KJBqrMhcGEKZjHaM7vtTnYayUJ EJunJIbLLG4ga+fR1FtvEZbWRIzvvC2Kz/bUK9FES7/mmjmjp62kbTd2ALHlYoRqApI1 OM1aTmGRuzoqCIKJL0I3KjYd/epolww54kJaRg4VOlcLo0ttP896zp/xreigg4I9luEB 5GYcHFIilegvEpX5TKLK11NnPpFuOWjey+NHNyNl/unGhBqu9+A99VyUvIuVS46ipRaV N5cA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=lhDW+wS1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id n12-20020a63f80c000000b003816043f135si3436592pgh.810.2022.04.12.13.17.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 13:17:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=lhDW+wS1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id CC9FF8A330; Tue, 12 Apr 2022 13:00:42 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357634AbiDLQdu (ORCPT + 99 others); Tue, 12 Apr 2022 12:33:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37350 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239010AbiDLQd3 (ORCPT ); Tue, 12 Apr 2022 12:33:29 -0400 Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 879D95E16A for ; Tue, 12 Apr 2022 09:31:02 -0700 (PDT) Received: from pps.filterd (m0148461.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23CF0kP2030058 for ; Tue, 12 Apr 2022 09:31:02 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=facebook; bh=jpJLwlCd/Lo6d9EOp1tU7k+L8lqn56Qe1VGs4ldSBt0=; b=lhDW+wS1PWX7Dd5U0d5//NRgork1OIGL5UlZ3DkxJHOrEGqG+gCYCAv/SvVcEgTgQX14 S5vwRH08+ID1Yp+Qpjf9pPxN2VXUgVs+ZNZFVvbXUwIJ+abYyVPApBmOqK8GqetsPPco 9vESh4MnV7ZgKMqu2zzMsr+1yv428IFNEyk= Received: from maileast.thefacebook.com ([163.114.130.16]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3fdbpj8pek-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Tue, 12 Apr 2022 09:31:02 -0700 Received: from twshared14141.02.ash7.facebook.com (2620:10d:c0a8:1b::d) by mail.thefacebook.com (2620:10d:c0a8:82::c) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 12 Apr 2022 09:31:01 -0700 Received: by devbig039.lla1.facebook.com (Postfix, from userid 572232) id 398667456066; Tue, 12 Apr 2022 09:30:48 -0700 (PDT) From: Dylan Yudaken To: CC: , , , , Dylan Yudaken Subject: [PATCH 2/4] io_uring: verify that resv2 is 0 in io_uring_rsrc_update2 Date: Tue, 12 Apr 2022 09:30:40 -0700 Message-ID: <20220412163042.2788062-3-dylany@fb.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220412163042.2788062-1-dylany@fb.com> References: <20220412163042.2788062-1-dylany@fb.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-FB-Internal: Safe Content-Type: text/plain X-Proofpoint-ORIG-GUID: eRMg5F3rRGAyajd58Tpyi9hUQZNAk48j X-Proofpoint-GUID: eRMg5F3rRGAyajd58Tpyi9hUQZNAk48j X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-12_06,2022-04-12_02,2022-02-23_01 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Verify that the user does not pass in anything but 0 for this field. Fixes: 992da01aa932 ("io_uring: change registration/upd/rsrc tagging ABI"= ) Signed-off-by: Dylan Yudaken --- fs/io_uring.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 58bfa71fe3b6..e899192ffb77 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -6839,6 +6839,7 @@ static int io_files_update(struct io_kiocb *req, un= signed int issue_flags) up.nr =3D 0; up.tags =3D 0; up.resv =3D 0; + up.resv2 =3D 0; =20 io_ring_submit_lock(ctx, needs_lock); ret =3D __io_register_rsrc_update(ctx, IORING_RSRC_FILE, @@ -11423,7 +11424,7 @@ static int io_register_files_update(struct io_rin= g_ctx *ctx, void __user *arg, memset(&up, 0, sizeof(up)); if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update))) return -EFAULT; - if (up.resv) + if (up.resv || up.resv2) return -EINVAL; return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args); } @@ -11437,7 +11438,7 @@ static int io_register_rsrc_update(struct io_ring= _ctx *ctx, void __user *arg, return -EINVAL; if (copy_from_user(&up, arg, sizeof(up))) return -EFAULT; - if (!up.nr || up.resv) + if (!up.nr || up.resv || up.resv2) return -EINVAL; return __io_register_rsrc_update(ctx, type, &up, up.nr); } --=20 2.30.2