Commit ee116574 authored Nov 21, 2024 by Jens Axboe

io_uring/nop: ensure nop->fd is always initialized

A previous commit added file support for nop, but it only initializes
nop->fd if IORING_NOP_FIXED_FILE is set. That check should be
IORING_NOP_FILE. Fix up the condition in nop preparation, and initialize
it to a sane value even if we're not going to be directly using it.

While in there, do the same thing for the nop->buffer field.

Reported-by: <syzbot+9a8500a45c2cabdf9577@syzkaller.appspotmail.com>
Fixes: a85f3105 ("io_uring/nop: add support for testing registered files and buffers")
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent f46b9cdb

io_uring/nop.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -35,10 +35,14 @@ int io_nop_prep(struct io_kiocb req, const struct io_uring_sqe sqe)
		nop->result = READ_ONCE(sqe->len);
		else
		nop->result = 0;
		if (nop->flags & IORING_NOP_FIXED_FILE)
		if (nop->flags & IORING_NOP_FILE)
		nop->fd = READ_ONCE(sqe->fd);
		else
		nop->fd = -1;
		if (nop->flags & IORING_NOP_FIXED_BUFFER)
		nop->buffer = READ_ONCE(sqe->buf_index);
		else
		nop->buffer = -1;
		return 0;
		}