io_uring: fortify io_pin_pages with a warning

We're a bit too frivolous with types of nr_pages arguments, converting it to long and back to int, passing an unsigned int pointer as an int pointer and so on. Shouldn't cause any problem but should be carefully reviewed, but until then let's add a WARN_ON_ONCE check to be more confident callers don't pass poorely checked arguents. Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/d48e0c097cbd90fb47acaddb6c247596510d8cfc.1731689588.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Pavel Begunkov <asml.silence@gmail.com> 2024-11-15 19:54:38 +0300
committer: Jens Axboe <axboe@kernel.dk> 2024-11-15 19:58:34 +0300
commit: 68685fa20edc5307fc893a06473c19661c236f29 (patch)
tree: 33cbd1aa3924c5f9aed8f174e26037d3683d709e /io_uring
parent: 56cec28dc4da396d6032c59ae9614c5a6ae7d7a8 (diff)
download: linux-68685fa20edc5307fc893a06473c19661c236f29.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/io_uring/memmap.c b/io_uring/memmap.c
index 85c66fa54956..6ab59c60dfd0 100644
--- a/io_uring/memmap.c
+++ b/io_uring/memmap.c
@@ -140,6 +140,8 @@ struct page **io_pin_pages(unsigned long uaddr, unsigned long len, int *npages)
 	nr_pages = end - start;
 	if (WARN_ON_ONCE(!nr_pages))
 		return ERR_PTR(-EINVAL);
+	if (WARN_ON_ONCE(nr_pages > INT_MAX))
+		return ERR_PTR(-EOVERFLOW);
 
 	pages = kvmalloc_array(nr_pages, sizeof(struct page *), GFP_KERNEL);
 	if (!pages)
author	Pavel Begunkov <asml.silence@gmail.com>	2024-11-15 19:54:38 +0300
committer	Jens Axboe <axboe@kernel.dk>	2024-11-15 19:58:34 +0300
commit	68685fa20edc5307fc893a06473c19661c236f29 (patch)
tree	33cbd1aa3924c5f9aed8f174e26037d3683d709e /io_uring
parent	56cec28dc4da396d6032c59ae9614c5a6ae7d7a8 (diff)
download	linux-68685fa20edc5307fc893a06473c19661c236f29.tar.xz