Commit d785a773 authored by Jens Axboe's avatar Jens Axboe

io_uring: check that we have a file table when allocating update slots

If IORING_FILE_INDEX_ALLOC is set asking for an allocated slot, the
helper doesn't check if we actually have a file table or not. The non
alloc path does do that correctly, and returns -ENXIO if we haven't set
one up.

Do the same for the allocated path, avoiding a NULL pointer dereference
when trying to find a free bit.

Fixes: a7c41b46 ("io_uring: let IORING_OP_FILES_UPDATE support choosing fixed file slots")
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent bdb2c48e
...@@ -7973,6 +7973,9 @@ static int io_files_update_with_index_alloc(struct io_kiocb *req, ...@@ -7973,6 +7973,9 @@ static int io_files_update_with_index_alloc(struct io_kiocb *req,
struct file *file; struct file *file;
int ret, fd; int ret, fd;
if (!req->ctx->file_data)
return -ENXIO;
for (done = 0; done < req->rsrc_update.nr_args; done++) { for (done = 0; done < req->rsrc_update.nr_args; done++) {
if (copy_from_user(&fd, &fds[done], sizeof(fd))) { if (copy_from_user(&fd, &fds[done], sizeof(fd))) {
ret = -EFAULT; ret = -EFAULT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment