From: "zhangyi (F)"
maillist inclusion
category: bugfix
issue: #I3ZXZF
CVE: NA
Reference: https://lore.kernel.org/lkml/1564451504-27906-1-git-send-email-yi.zhang@huaw...
---------------------------
io_[p]getevents syscall should return -EINVAL if timeout is out of
range, add this validity check.
Signed-off-by: zhangyi (F)
Reviewed-by: Jeff Moyer
Cc: Jeff Moyer
Cc: Arnd Bergmann
Cc: Deepa Dinamani
Signed-off-by: yangerkun
Reviewed-by: zhangyi (F)
Signed-off-by: Chen Jun
Signed-off-by: Yu Changchun
---
fs/aio.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index 6a21d8919409..bd182bcca23a 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -2050,10 +2050,17 @@ static long do_io_getevents(aio_context_t ctx_id,
struct io_event __user *events,
struct timespec64 *ts)
{
- ktime_t until = ts ? timespec64_to_ktime(*ts) : KTIME_MAX;
- struct kioctx *ioctx = lookup_ioctx(ctx_id);
+ ktime_t until = KTIME_MAX;
+ struct kioctx *ioctx = NULL;
long ret = -EINVAL;
+ if (ts) {
+ if (!timespec64_valid(ts))
+ return ret;
+ until = timespec64_to_ktime(*ts);
+ }
+
+ ioctx = lookup_ioctx(ctx_id);
if (likely(ioctx)) {
if (likely(min_nr <= nr && min_nr >= 0))
ret = read_events(ioctx, min_nr, nr, events, until);
--
2.22.0
