diff options
author | Pavel Begunkov <asml.silence@gmail.com> | 2024-11-15 16:54:38 +0000 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2024-11-15 09:58:34 -0700 |
commit | 68685fa20edc5307fc893a06473c19661c236f29 (patch) | |
tree | 33cbd1aa3924c5f9aed8f174e26037d3683d709e /io_uring | |
parent | 56cec28dc4da396d6032c59ae9614c5a6ae7d7a8 (diff) |
io_uring: fortify io_pin_pages with a warning
We're a bit too frivolous with types of nr_pages arguments, converting
it to long and back to int, passing an unsigned int pointer as an int
pointer and so on. Shouldn't cause any problem but should be carefully
reviewed, but until then let's add a WARN_ON_ONCE check to be more
confident callers don't pass poorely checked arguents.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/d48e0c097cbd90fb47acaddb6c247596510d8cfc.1731689588.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'io_uring')
-rw-r--r-- | io_uring/memmap.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/io_uring/memmap.c b/io_uring/memmap.c index 85c66fa54956..6ab59c60dfd0 100644 --- a/io_uring/memmap.c +++ b/io_uring/memmap.c @@ -140,6 +140,8 @@ struct page **io_pin_pages(unsigned long uaddr, unsigned long len, int *npages) nr_pages = end - start; if (WARN_ON_ONCE(!nr_pages)) return ERR_PTR(-EINVAL); + if (WARN_ON_ONCE(nr_pages > INT_MAX)) + return ERR_PTR(-EOVERFLOW); pages = kvmalloc_array(nr_pages, sizeof(struct page *), GFP_KERNEL); if (!pages) |