io_uring: verify that resv2 is 0 in io_uring_rsrc_update2

Verify that the user does not pass in anything but 0 for this field. Fixes: 992da01a ("io_uring: change registration/upd/rsrc tagging ABI") Signed-off-by: Dylan Yudaken <dylany@fb.com> Link: https://lore.kernel.org/r/20220412163042.2788062-3-dylany@fb.comSigned-off-by: Jens Axboe <axboe@kernel.dk>

io_uring: verify that resv2 is 0 in io_uring_rsrc_update2
Verify that the user does not pass in anything but 0 for this field. Fixes: 992da01a ("io_uring: change registration/upd/rsrc tagging ABI") Signed-off-by: Dylan Yudaken <dylany@fb.com> Link: https://lore.kernel.org/r/20220412163042.2788062-3-dylany@fb.comSigned-off-by: Jens Axboe <axboe@kernel.dk>
d8a3ba9c · Dylan Yudaken · Jens Axboe · 565c5e61 · d8a3ba9c
Commit d8a3ba9c authored Apr 12, 2022 by Dylan Yudaken Committed by Jens Axboe Apr 12, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

fs/io_uring.c fs/io_uring.c +3 -2

No files found.
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -6839,6 +6839,7 @@ static int io_files_update(struct io_kiocb *req, unsigned int issue_flags)
 	up.nr = 0;
 	up.tags = 0;
 	up.resv = 0;
+	up.resv2 = 0;

 	io_ring_submit_lock(ctx, needs_lock);
 	ret = __io_register_rsrc_update(ctx, IORING_RSRC_FILE,
@@ -11423,7 +11424,7 @@ static int io_register_files_update(struct io_ring_ctx *ctx, void __user *arg,
 	memset(&up, 0, sizeof(up));
 	if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update)))
 		return -EFAULT;
-	if (up.resv)
+	if (up.resv || up.resv2)
 		return -EINVAL;
 	return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args);
 }
@@ -11437,7 +11438,7 @@ static int io_register_rsrc_update(struct io_ring_ctx *ctx, void __user *arg,
 		return -EINVAL;
 	if (copy_from_user(&up, arg, sizeof(up)))
 		return -EFAULT;
-	if (!up.nr || up.resv)
+	if (!up.nr || up.resv || up.resv2)
 		return -EINVAL;
 	return __io_register_rsrc_update(ctx, type, &up, up.nr);
 }