Commit 85f6c439 authored by Pavel Begunkov's avatar Pavel Begunkov Committed by Jens Axboe
Browse files

io_uring/timeout: READ_ONCE sqe->addr 



We should use READ_ONCE when reading from a SQE, make sure timeout gets
a stable timespec address.

Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent a4643553

io_uring/timeout.c

+2 −2
Original line number Diff line number Diff line
@@ -462,7 +462,7 @@ int io_timeout_remove_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) 
			tr->ltimeout = true;

		if (tr->flags & ~(IORING_TIMEOUT_UPDATE_MASK|IORING_TIMEOUT_ABS))

			return -EINVAL;

		if (get_timespec64(&tr->ts, u64_to_user_ptr(sqe->addr2)))

		if (get_timespec64(&tr->ts, u64_to_user_ptr(READ_ONCE(sqe->addr2))))

			return -EFAULT;

		if (tr->ts.tv_sec < 0 || tr->ts.tv_nsec < 0)

			return -EINVAL;
@@ -557,7 +557,7 @@ static int __io_timeout_prep(struct io_kiocb *req, 
	data->req = req;

	data->flags = flags;



	if (get_timespec64(&data->ts, u64_to_user_ptr(sqe->addr)))

	if (get_timespec64(&data->ts, u64_to_user_ptr(READ_ONCE(sqe->addr))))

		return -EFAULT;



	if (data->ts.tv_sec < 0 || data->ts.tv_nsec < 0)