Skip to content

Commit 8622b20

Browse files
Ming Leiaxboe
Ming Lei
authored and
axboe
committed
io_uring: add validate_fixed_range() for validate fixed buffer
Add helper of validate_fixed_range() for validating fixed buffer range. Signed-off-by: Ming Lei <ming.lei@redhat.com> Reviewed-by: Caleb Sander Mateos <csander@purestorage.com> Link: https://lore.kernel.org/r/20250325135155.935398-2-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
1 parent f8554f5 commit 8622b20

File tree

1 file changed

+22
-11
lines changed

1 file changed

+22
-11
lines changed

io_uring/rsrc.c

Lines changed: 22 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1002,22 +1002,33 @@ int io_buffer_unregister_bvec(struct io_uring_cmd *cmd, unsigned int index,
10021002
}
10031003
EXPORT_SYMBOL_GPL(io_buffer_unregister_bvec);
10041004

1005-
static int io_import_fixed(int ddir, struct iov_iter *iter,
1006-
struct io_mapped_ubuf *imu,
1007-
u64 buf_addr, size_t len)
1005+
static int validate_fixed_range(u64 buf_addr, size_t len,
1006+
const struct io_mapped_ubuf *imu)
10081007
{
10091008
u64 buf_end;
1010-
size_t offset;
10111009

1012-
if (WARN_ON_ONCE(!imu))
1013-
return -EFAULT;
10141010
if (unlikely(check_add_overflow(buf_addr, (u64)len, &buf_end)))
10151011
return -EFAULT;
10161012
/* not inside the mapped region */
10171013
if (unlikely(buf_addr < imu->ubuf || buf_end > (imu->ubuf + imu->len)))
10181014
return -EFAULT;
10191015
if (unlikely(len > MAX_RW_COUNT))
10201016
return -EFAULT;
1017+
return 0;
1018+
}
1019+
1020+
static int io_import_fixed(int ddir, struct iov_iter *iter,
1021+
struct io_mapped_ubuf *imu,
1022+
u64 buf_addr, size_t len)
1023+
{
1024+
size_t offset;
1025+
int ret;
1026+
1027+
if (WARN_ON_ONCE(!imu))
1028+
return -EFAULT;
1029+
ret = validate_fixed_range(buf_addr, len, imu);
1030+
if (unlikely(ret))
1031+
return ret;
10211032
if (!(imu->dir & (1 << ddir)))
10221033
return -EFAULT;
10231034

@@ -1307,12 +1318,12 @@ static int io_vec_fill_bvec(int ddir, struct iov_iter *iter,
13071318
u64 buf_addr = (u64)(uintptr_t)iovec[iov_idx].iov_base;
13081319
struct bio_vec *src_bvec;
13091320
size_t offset;
1310-
u64 buf_end;
1321+
int ret;
1322+
1323+
ret = validate_fixed_range(buf_addr, iov_len, imu);
1324+
if (unlikely(ret))
1325+
return ret;
13111326

1312-
if (unlikely(check_add_overflow(buf_addr, (u64)iov_len, &buf_end)))
1313-
return -EFAULT;
1314-
if (unlikely(buf_addr < imu->ubuf || buf_end > (imu->ubuf + imu->len)))
1315-
return -EFAULT;
13161327
if (unlikely(!iov_len))
13171328
return -EFAULT;
13181329
if (unlikely(check_add_overflow(total_len, iov_len, &total_len)))

0 commit comments

Comments
 (0)