linux-stable/io_uring
Jens Axboe fbd77ce1d1 io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
commit 72bd80252f upstream.

If we use IORING_OP_RECV with provided buffers and pass in '0' as the
length of the request, the length is retrieved from the selected buffer.
If MSG_WAITALL is also set and we get a short receive, then we may hit
the retry path which decrements sr->len and increments the buffer for
a retry. However, the length is still zero at this point, which means
that sr->len now becomes huge and import_ubuf() will cap it to
MAX_RW_COUNT and subsequently return -EFAULT for the range as a whole.

Fix this by always assigning sr->len once the buffer has been selected.

Cc: stable@vger.kernel.org
Fixes: 7ba89d2af1 ("io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-02-16 19:06:30 +01:00
advise.c
advise.h
alloc_cache.h io_uring: fix poll/netmsg alloc caches 2023-04-06 12:10:52 +02:00
cancel.c io_uring/cancel: re-grab ctx mutex after finishing wait 2023-01-12 12:02:38 +01:00
cancel.h
epoll.c io_uring: undeprecate epoll_ctl support 2023-06-09 10:34:23 +02:00
epoll.h
fdinfo.c io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid 2023-11-02 09:35:29 +01:00
fdinfo.h
filetable.c io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() 2023-03-30 12:49:25 +02:00
filetable.h
fs.c io_uring/fs: consider link->flags when getting path for LINKAT 2023-12-03 07:32:11 +01:00
fs.h
io-wq.c io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used 2023-09-19 12:27:54 +02:00
io-wq.h io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used 2023-09-19 12:27:54 +02:00
io_uring.c io_uring: fix mutex_unlock with unreferenced ctx 2023-12-13 18:39:18 +01:00
io_uring.h io_uring: mark task TASK_RUNNING before handling resume/task work 2023-03-10 09:34:07 +01:00
kbuf.c io_uring/kbuf: Allow the full buffer id space for provided buffers 2023-11-20 11:52:00 +01:00
kbuf.h
Makefile
msg_ring.c io_uring/msg_ring: fix missing lock on overflow for IOPOLL 2023-08-30 16:11:05 +02:00
msg_ring.h io_uring: get rid of double locking 2023-08-30 16:11:04 +02:00
net.c io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers 2024-02-16 19:06:30 +01:00
net.h
nop.c
nop.h
notif.c
notif.h
opdef.c io_uring: get rid of double locking 2023-08-30 16:11:04 +02:00
opdef.h
openclose.c io_uring: correct check for O_TMPFILE 2023-08-16 18:27:24 +02:00
openclose.h
poll.c io_uring: always lock in io_apoll_task_func 2023-09-19 12:27:54 +02:00
poll.h io_uring/poll: allow some retries for poll triggering spuriously 2023-03-11 13:55:43 +01:00
refs.h
rsrc.c io_uring: fix off-by one bvec index 2023-12-03 07:32:13 +01:00
rsrc.h io_uring/af_unix: disable sending io_uring over sockets 2023-12-13 18:39:17 +01:00
rw.c io_uring/rw: ensure io->bytes_done is always initialized 2024-01-25 15:27:41 -08:00
rw.h
slist.h
splice.c
splice.h
sqpoll.c io_uring: Don't set affinity on a dying sqpoll thread 2023-09-19 12:27:54 +02:00
sqpoll.h io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used 2023-09-19 12:27:54 +02:00
statx.c
statx.h
sync.c
sync.h
tctx.c
tctx.h
timeout.c io_uring: annotate offset timeout races 2023-08-11 12:08:24 +02:00
timeout.h
uring_cmd.c block/io_uring: pass in issue_flags for uring_cmd task_work handling 2023-04-06 12:10:51 +02:00
uring_cmd.h
xattr.c
xattr.h