diff options
| author | Jens Axboe <axboe@kernel.dk> | 2019-05-14 20:00:30 -0600 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-06-15 11:53:06 +0200 |
| commit | cf1fa8c91fbd1111782bac82cdd01b6330bfbbca (patch) | |
| tree | 25e4c73a1a561ddaaa0f0e4d477d195b18dc08c4 | |
| parent | bc9dcb27e9dfbddcb8e1627e509b4e4b637c4415 (diff) | |
io_uring: fix failure to verify SQ_AFF cpu
commit 44a9bd18a0f06bba19d155aeaa11e2edce898293 upstream.
The test case we have is rightfully failing with the current kernel:
io_uring_setup(1, 0x7ffe2cafebe0), flags: IORING_SETUP_SQPOLL|IORING_SETUP_SQ_AFF, resv: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000, sq_thread_cpu: 4
expected -1, got 3
This is in a vm, and CPU3 is the last valid one, hence asking for 4
should fail the setup with -EINVAL, not succeed. The problem is that
we're using array_index_nospec() with nr_cpu_ids as the index, hence we
wrap and end up using CPU0 instead of CPU4. This makes the setup
succeed where it should be failing.
We don't need to use array_index_nospec() as we're not indexing any
array with this. Instead just compare with nr_cpu_ids directly. This
is fine as we're checking with cpu_online() afterwards.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | fs/io_uring.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 30a5687a17b6..28269a0c5037 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2330,10 +2330,11 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx, ctx->sq_thread_idle = HZ; if (p->flags & IORING_SETUP_SQ_AFF) { - int cpu = array_index_nospec(p->sq_thread_cpu, - nr_cpu_ids); + int cpu = p->sq_thread_cpu; ret = -EINVAL; + if (cpu >= nr_cpu_ids) + goto err; if (!cpu_online(cpu)) goto err; |