korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-21 20:22:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
b4a666fd64
linux/io_uring
History
Dan Carpenter 0c8c74bb59 io_uring/net: fix overflow check in io_recvmsg_mshot_prep() 
[ Upstream commit 8ede3db506 ]

The "controllen" variable is type size_t (unsigned long).  Casting it
to int could lead to an integer underflow.

The check_add_overflow() function considers the type of the destination
which is type int.  If we add two positive values and the result cannot
fit in an integer then that's counted as an overflow.

However, if we cast "controllen" to an int and it turns negative, then
negative values *can* fit into an int type so there is no overflow.

Good: 100 + (unsigned long)-4 = 96  <-- overflow
 Bad: 100 + (int)-4 = 96 <-- no overflow

I deleted the cast of the sizeof() as well.  That's not a bug but the
cast is unnecessary.

Fixes: 9b0fc3c054 ("io_uring: fix types in io_recvmsg_multishot_overflow")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/138bd2e2-ede8-4bcc-aa7b-f3d9de167a37@moroto.mountain
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-03-26 18:18:01 -04:00
..
advise.c io_uring: always go async for unsupported fadvise flags 2023-01-29 15:18:26 -07:00
advise.h
alloc_cache.h io_uring/rsrc: consolidate node caching 2023-04-12 12:09:41 -06:00
cancel.c io_uring: use fget/fput consistently 2023-11-28 11:56:29 -07:00
cancel.h io_uring: add support for futex wake and wait 2023-09-29 02:36:57 -06:00
epoll.c io_uring: undeprecate epoll_ctl support 2023-05-26 20:22:41 -06:00
epoll.h
fdinfo.c io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval 2023-11-15 06:35:46 -07:00
fdinfo.h
filetable.c io_uring: drop any code related to SCM_RIGHTS 2024-03-26 18:17:49 -04:00
filetable.h io_uring: add helpers to decode the fixed file file_ptr 2023-06-20 09:36:22 -06:00
fs.c io_uring/fs: consider link->flags when getting path for LINKAT 2023-11-20 09:01:42 -07:00
fs.h
futex.c io_uring: add support for vectored futex waits 2023-09-29 02:37:08 -06:00
futex.h io_uring: add support for vectored futex waits 2023-09-29 02:37:08 -06:00
io_uring.c io_uring: remove unconditional looping in local task_work handling 2024-03-26 18:17:58 -04:00
io_uring.h io_uring/unix: drop usage of io_uring socket 2024-03-26 18:17:49 -04:00
io-wq.c io-wq: fully initialize wqe before calling cpuhp_state_add_instance_nocalls() 2023-10-05 14:11:18 -06:00
io-wq.h io_uring: break out of iowq iopoll on teardown 2023-09-07 09:02:27 -06:00
kbuf.c io_uring/kbuf: check for buffer list readiness after NULL check 2023-12-05 07:02:13 -07:00
kbuf.h io_uring: free io_buffer_list entries via RCU 2023-11-28 11:45:02 -07:00
Makefile io_uring: add support for futex wake and wait 2023-09-29 02:36:57 -06:00
msg_ring.c io_uring: use io_file_from_index in io_msg_grab_file 2023-06-20 09:36:22 -06:00
msg_ring.h io_uring: get rid of double locking 2022-12-07 06:47:13 -07:00
net.c io_uring/net: fix overflow check in io_recvmsg_mshot_prep() 2024-03-26 18:18:01 -04:00
net.h io_uring: Add KASAN support for alloc_caches 2023-04-03 07:16:14 -06:00
nop.c
nop.h
notif.c io_uring/notif: add constant for ubuf_info flags 2023-04-15 14:21:04 -06:00
notif.h io_uring/notif: add constant for ubuf_info flags 2023-04-15 14:21:04 -06:00
opdef.c io_uring/rw: add separate prep handler for fixed read/write 2023-11-06 07:43:16 -07:00
opdef.h io_uring/rw: mark readv/writev as vectored in the opcode definition 2023-09-21 12:00:46 -06:00
openclose.c io_uring: use files_lookup_fd_locked() 2023-10-19 11:02:49 +02:00
openclose.h
poll.c io_uring/poll: add requeue return code from poll multishot handling 2024-02-16 19:14:31 +01:00
poll.h io_uring/rw: ensure poll based multishot read retries appropriately 2024-02-16 19:14:30 +01:00
refs.h
rsrc.c io_uring: drop any code related to SCM_RIGHTS 2024-03-26 18:17:49 -04:00
rsrc.h io_uring: drop any code related to SCM_RIGHTS 2024-03-26 18:17:49 -04:00
rw.c io_uring/rw: ensure poll based multishot read retries appropriately 2024-02-16 19:14:30 +01:00
rw.h io_uring/rw: add separate prep handler for fixed read/write 2023-11-06 07:43:16 -07:00
slist.h io_uring: silence variable ‘prev’ set but not used warning 2023-03-09 10:10:58 -07:00
splice.c io_uring/splice: use fput() directly 2023-08-10 10:24:25 -06:00
splice.h
sqpoll.c io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval 2023-11-15 06:35:46 -07:00
sqpoll.h io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used 2023-08-16 13:40:28 -06:00
statx.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
statx.h
sync.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
sync.h
tctx.c io_uring: Add io_uring_setup flag to pre-register ring fd and never install it 2023-05-16 08:06:00 -06:00
tctx.h io_uring: simplify __io_uring_add_tctx_node 2022-10-07 12:25:30 -06:00
timeout.c io_uring: never overflow io_aux_cqe 2023-08-11 10:42:57 -06:00
timeout.h io_uring: remove unused return from io_disarm_next 2022-09-21 13:15:01 -06:00
uring_cmd.c io_uring/cmd: fix breakage in SOCKET_URING_OP_SIOC* implementation 2023-12-14 16:52:13 -07:00
uring_cmd.h io_uring: Remove unnecessary BUILD_BUG_ON 2023-05-04 08:19:05 -06:00
waitid.c io_uring: add IORING_OP_WAITID support 2023-09-21 12:04:45 -06:00
waitid.h io_uring: add IORING_OP_WAITID support 2023-09-21 12:04:45 -06:00
xattr.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
xattr.h