Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-21 19:41:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
8ede3db506
linux/io_uring
History
Dan Carpenter 8ede3db506 io_uring/net: fix overflow check in io_recvmsg_mshot_prep() 
The "controllen" variable is type size_t (unsigned long).  Casting it
to int could lead to an integer underflow.

The check_add_overflow() function considers the type of the destination
which is type int.  If we add two positive values and the result cannot
fit in an integer then that's counted as an overflow.

However, if we cast "controllen" to an int and it turns negative, then
negative values *can* fit into an int type so there is no overflow.

Good: 100 + (unsigned long)-4 = 96  <-- overflow
 Bad: 100 + (int)-4 = 96 <-- no overflow

I deleted the cast of the sizeof() as well.  That's not a bug but the
cast is unnecessary.

Fixes: 9b0fc3c054 ("io_uring: fix types in io_recvmsg_multishot_overflow")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/138bd2e2-ede8-4bcc-aa7b-f3d9de167a37@moroto.mountain
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2024-03-04 16:33:15 -07:00
..
advise.c
advise.h
alloc_cache.h io_uring: use mempool KASAN hook 2023-12-29 11:58:41 -08:00
cancel.c io_uring/cancel: don't default to setting req->work.cancel_seq 2024-02-08 13:27:06 -07:00
cancel.h io_uring/cancel: don't default to setting req->work.cancel_seq 2024-02-08 13:27:06 -07:00
epoll.c io_uring: undeprecate epoll_ctl support 2023-05-26 20:22:41 -06:00
epoll.h
fdinfo.c io_uring/sqpoll: statistics of the true utilization of sq threads 2024-03-01 06:28:19 -07:00
fdinfo.h
filetable.c io_uring: drop any code related to SCM_RIGHTS 2023-12-19 12:36:34 -07:00
filetable.h io_uring: expand main struct io_kiocb flags to 64-bits 2024-02-08 13:27:03 -07:00
fs.c io_uring/fs: consider link->flags when getting path for LINKAT 2023-11-20 09:01:42 -07:00
fs.h
futex.c io_uring: add support for vectored futex waits 2023-09-29 02:37:08 -06:00
futex.h io_uring: add support for vectored futex waits 2023-09-29 02:37:08 -06:00
io_uring.c io_uring: kill stale comment for io_cqring_overflow_kill() 2024-02-15 14:04:56 -07:00
io_uring.h io_uring/napi: ensure napi polling is aborted when work is available 2024-02-14 13:01:25 -07:00
io-wq.c io-wq: fully initialize wqe before calling cpuhp_state_add_instance_nocalls() 2023-10-05 14:11:18 -06:00
io-wq.h io_uring: break out of iowq iopoll on teardown 2023-09-07 09:02:27 -06:00
kbuf.c io_uring/kbuf: flag request if buffer pool is empty after buffer pick 2024-02-27 11:52:45 -07:00
kbuf.h io_uring/kbuf: cleanup passing back cflags 2024-02-08 13:27:06 -07:00
Makefile io-uring: add napi busy poll support 2024-02-09 11:54:19 -07:00
msg_ring.c io_uring: use io_file_from_index in io_msg_grab_file 2023-06-20 09:36:22 -06:00
msg_ring.h
napi.c io_uring/napi: enable even with a timeout of 0 2024-02-15 15:37:28 -07:00
napi.h io_uring: add register/unregister napi function 2024-02-09 11:54:32 -07:00
net.c io_uring/net: fix overflow check in io_recvmsg_mshot_prep() 2024-03-04 16:33:15 -07:00
net.h
nop.c
nop.h
notif.c io_uring/notif: add constant for ubuf_info flags 2023-04-15 14:21:04 -06:00
notif.h io_uring/notif: add constant for ubuf_info flags 2023-04-15 14:21:04 -06:00
opdef.c io_uring: add support for ftruncate 2024-02-09 09:04:39 -07:00
opdef.h io_uring/rw: mark readv/writev as vectored in the opcode definition 2023-09-21 12:00:46 -06:00
openclose.c io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL 2024-01-23 15:25:14 -07:00
openclose.h io_uring/openclose: add support for IORING_OP_FIXED_FD_INSTALL 2023-12-12 07:42:57 -07:00
poll.c io-uring: add napi busy poll support 2024-02-09 11:54:19 -07:00
poll.h io_uring/rw: ensure poll based multishot read retries appropriately 2024-01-28 20:37:11 -07:00
refs.h
register.c io_uring: add register/unregister napi function 2024-02-09 11:54:32 -07:00
register.h io_uring/register: move io_uring_register(2) related code to register.c 2023-12-19 08:54:20 -07:00
rsrc.c io_uring: drop any code related to SCM_RIGHTS 2023-12-19 12:36:34 -07:00
rsrc.h io_uring: Don't include af_unix.h. 2024-02-12 19:02:11 -07:00
rw.c io_uring: Don't include af_unix.h. 2024-02-12 19:02:11 -07:00
rw.h io_uring/rw: add separate prep handler for fixed read/write 2023-11-06 07:43:16 -07:00
slist.h
splice.c splice: return type ssize_t from all helpers 2023-12-12 16:19:59 +01:00
splice.h
sqpoll.c io_uring/sqpoll: statistics of the true utilization of sq threads 2024-03-01 06:28:19 -07:00
sqpoll.h io_uring/sqpoll: statistics of the true utilization of sq threads 2024-03-01 06:28:19 -07:00
statx.c
statx.h
sync.c
sync.h
tctx.c io_uring: Add io_uring_setup flag to pre-register ring fd and never install it 2023-05-16 08:06:00 -06:00
tctx.h
timeout.c io_uring: never overflow io_aux_cqe 2023-08-11 10:42:57 -06:00
timeout.h
truncate.c io_uring: add support for ftruncate 2024-02-09 09:04:39 -07:00
truncate.h io_uring: add support for ftruncate 2024-02-09 09:04:39 -07:00
uring_cmd.c io_uring: Don't include af_unix.h. 2024-02-12 19:02:11 -07:00
uring_cmd.h io_uring: Remove unnecessary BUILD_BUG_ON 2023-05-04 08:19:05 -06:00
waitid.c io_uring: add IORING_OP_WAITID support 2023-09-21 12:04:45 -06:00
waitid.h io_uring: add IORING_OP_WAITID support 2023-09-21 12:04:45 -06:00
xattr.c io_uring: use file_mnt_idmap helper 2024-02-06 19:55:14 -07:00
xattr.h