io_uring: cqe init hardening

io_kiocb::cqe stores the completion info which we'll memcpy to userspace, and we rely on callbacks and other later steps to populate it with right values. We have never had problems with that, but it would still be safer to zero it on allocation. Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/b16a3b64dde678686460d3c3792c3ba6d3d1bc7a.1692916914.git.asml.silence@gmail.comSigned-off-by: Jens Axboe <axboe@kernel.dk>

io_uring: cqe init hardening
io_kiocb::cqe stores the completion info which we'll memcpy to userspace, and we rely on callbacks and other later steps to populate it with right values. We have never had problems with that, but it would still be safer to zero it on allocation. Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/b16a3b64dde678686460d3c3792c3ba6d3d1bc7a.1692916914.git.asml.silence@gmail.comSigned-off-by: Jens Axboe <axboe@kernel.dk>
31d3ba92 · Pavel Begunkov · Jens Axboe · a0727c73 · 31d3ba92
Commit 31d3ba92 authored Aug 24, 2023 by Pavel Begunkov Committed by Jens Axboe Aug 24, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

io_uring/io_uring.c io_uring/io_uring.c +1 -1

No files found.
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1056,7 +1056,7 @@ static void io_preinit_req(struct io_kiocb *req, struct io_ring_ctx *ctx)
 	req->link = NULL;
 	req->async_data = NULL;
 	/* not necessary, but safer to zero */
-	req->cqe.res = 0;
+	memset(&req->cqe, 0, sizeof(req->cqe));
 }

 static void io_flush_cached_locked_reqs(struct io_ring_ctx *ctx,