io_uring: Allocate only necessary memory in io_probe

We write at most IORING_OP_LAST entries in the probe buffer, so we don't need to allocate temporary space for more than that. As a side effect, we no longer can overflow "size". Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> Link: https://lore.kernel.org/r/20240619020620.5301-3-krisman@suse.deSigned-off-by: Jens Axboe <axboe@kernel.dk>

io_uring: Allocate only necessary memory in io_probe
We write at most IORING_OP_LAST entries in the probe buffer, so we don't need to allocate temporary space for more than that. As a side effect, we no longer can overflow "size". Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> Link: https://lore.kernel.org/r/20240619020620.5301-3-krisman@suse.deSigned-off-by: Jens Axboe <axboe@kernel.dk>
6bc9199d · Gabriel Krisman Bertazi · Jens Axboe · 3e05b222 · 6bc9199d
Commit 6bc9199d authored Jun 18, 2024 by Gabriel Krisman Bertazi Committed by Jens Axboe Jun 19, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 4 deletions

io_uring/register.c io_uring/register.c +3 -4

No files found.
--- a/io_uring/register.c
+++ b/io_uring/register.c
@@ -39,9 +39,10 @@ static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg,
 	size_t size;
 	int i, ret;

+	if (nr_args > IORING_OP_LAST)
+		nr_args = IORING_OP_LAST;
+
 	size = struct_size(p, ops, nr_args);
-	if (size == SIZE_MAX)
-		return -EOVERFLOW;
 	p = kzalloc(size, GFP_KERNEL);
 	if (!p)
 		return -ENOMEM;
@@ -54,8 +55,6 @@ static __cold int io_probe(struct io_ring_ctx *ctx, void __user *arg,
 		goto out;

 	p->last_op = IORING_OP_LAST - 1;
-	if (nr_args > IORING_OP_LAST)
-		nr_args = IORING_OP_LAST;

 	for (i = 0; i < nr_args; i++) {
 		p->ops[i].op = i;