io_uring/rsrc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
From b52509776e0f7f9ea703d0551ccaeeaa49ab6440 Mon Sep 17 00:00:00 2001
From: clingfei <clf700383@gmail.com>
Date: Tue, 23 Sep 2025 16:30:30 +0800
Subject: [PATCH] io_uring/rsrc: remove unnecessary check on resv2
The memset sets the up.resv2 to be 0,
and the copy_from_user does not touch it,
thus up.resv2 will always be false.
Signed-off-by: clingfei <clf700383@gmail.com>
---
io_uring/rsrc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c
index f75f5e43fa4a..7006b3ca5404 100644
--- a/io_uring/rsrc.c
+++ b/io_uring/rsrc.c
@@ -372,7 +372,7 @@ int io_register_files_update(struct io_ring_ctx
*ctx, void __user *arg,
memset(&up, 0, sizeof(up));
if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update)))
return -EFAULT;
- if (up.resv || up.resv2)
+ if (up.resv)
return -EINVAL;
return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args);
}
--
2.34.1On 9/23/25 2:41 AM, clingfei wrote: > From b52509776e0f7f9ea703d0551ccaeeaa49ab6440 Mon Sep 17 00:00:00 2001 > From: clingfei <clf700383@gmail.com> > Date: Tue, 23 Sep 2025 16:30:30 +0800 > Subject: [PATCH] io_uring/rsrc: remove unnecessary check on resv2 > > The memset sets the up.resv2 to be 0, > and the copy_from_user does not touch it, > thus up.resv2 will always be false. Please wrap commit messages at around ~72 chars. > Signed-off-by: clingfei <clf700383@gmail.com> > --- > io_uring/rsrc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c > index f75f5e43fa4a..7006b3ca5404 100644 > --- a/io_uring/rsrc.c > +++ b/io_uring/rsrc.c > @@ -372,7 +372,7 @@ int io_register_files_update(struct io_ring_ctx > *ctx, void __user *arg, > memset(&up, 0, sizeof(up)); > if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update))) > return -EFAULT; > - if (up.resv || up.resv2) > + if (up.resv) > return -EINVAL; > return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args); > } White space damaged patch, but more importantly, I don't think this is worth adding. Yes it'll never overwrite resv2 because of the different sizes. Curious how you ran into this? -- Jens Axboe
Jens Axboe <axboe@kernel.dk> 于2025年9月23日周二 16:50写道: > > On 9/23/25 2:41 AM, clingfei wrote: > > From b52509776e0f7f9ea703d0551ccaeeaa49ab6440 Mon Sep 17 00:00:00 2001 > > From: clingfei <clf700383@gmail.com> > > Date: Tue, 23 Sep 2025 16:30:30 +0800 > > Subject: [PATCH] io_uring/rsrc: remove unnecessary check on resv2 > > > > The memset sets the up.resv2 to be 0, > > and the copy_from_user does not touch it, > > thus up.resv2 will always be false. > > Please wrap commit messages at around ~72 chars. > > > Signed-off-by: clingfei <clf700383@gmail.com> > > --- > > io_uring/rsrc.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c > > index f75f5e43fa4a..7006b3ca5404 100644 > > --- a/io_uring/rsrc.c > > +++ b/io_uring/rsrc.c > > @@ -372,7 +372,7 @@ int io_register_files_update(struct io_ring_ctx > > *ctx, void __user *arg, > > memset(&up, 0, sizeof(up)); > > if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update))) > > return -EFAULT; > > - if (up.resv || up.resv2) > > + if (up.resv) > > return -EINVAL; > > return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args); > > } > > White space damaged patch, but more importantly, I don't think this is > worth adding. Yes it'll never overwrite resv2 because of the different > sizes. Curious how you ran into this? > > -- > Jens Axboe During my review of the io_uring code, I noticed that sizeof(io_uring_rsrc_update) is used to initialize a struct io_uring_rsrc_update2. My initial suspicion was that this might be an error, but upon closer inspection, I verified that this usage is intentional and correct.
On 9/23/25 3:10 AM, clingfei wrote: > Jens Axboe <axboe@kernel.dk> ?2025?9?23??? 16:50??? >> >> On 9/23/25 2:41 AM, clingfei wrote: >>> From b52509776e0f7f9ea703d0551ccaeeaa49ab6440 Mon Sep 17 00:00:00 2001 >>> From: clingfei <clf700383@gmail.com> >>> Date: Tue, 23 Sep 2025 16:30:30 +0800 >>> Subject: [PATCH] io_uring/rsrc: remove unnecessary check on resv2 >>> >>> The memset sets the up.resv2 to be 0, >>> and the copy_from_user does not touch it, >>> thus up.resv2 will always be false. >> >> Please wrap commit messages at around ~72 chars. >> >>> Signed-off-by: clingfei <clf700383@gmail.com> >>> --- >>> io_uring/rsrc.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c >>> index f75f5e43fa4a..7006b3ca5404 100644 >>> --- a/io_uring/rsrc.c >>> +++ b/io_uring/rsrc.c >>> @@ -372,7 +372,7 @@ int io_register_files_update(struct io_ring_ctx >>> *ctx, void __user *arg, >>> memset(&up, 0, sizeof(up)); >>> if (copy_from_user(&up, arg, sizeof(struct io_uring_rsrc_update))) >>> return -EFAULT; >>> - if (up.resv || up.resv2) >>> + if (up.resv) >>> return -EINVAL; >>> return __io_register_rsrc_update(ctx, IORING_RSRC_FILE, &up, nr_args); >>> } >> >> White space damaged patch, but more importantly, I don't think this is >> worth adding. Yes it'll never overwrite resv2 because of the different >> sizes. Curious how you ran into this? >> >> -- >> Jens Axboe > > During my review of the io_uring code, I noticed that > sizeof(io_uring_rsrc_update) is used to initialize a struct > io_uring_rsrc_update2. My initial suspicion was that this might be an > error, but upon closer inspection, I verified that this usage is > intentional and correct. Gotcha. Yes it overlays the struct. I'm not vehemently opposed to your patch, but it'd be nice if it came with a comment as well as to why just checking the first part is enough. And, of course, with the other things I mentioned fixed too. So feel free to resend, if you wish. -- Jens Axboe
© 2016 - 2025 Red Hat, Inc.