io_uring/rsrc: clean up buffer cloning arg validation
Get rid of some redundant checks and move the src arg validation to before the buffer table allocation, which simplifies error handling. Signed-off-by: Joanne Koong <joannelkoong@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>pull/1354/merge
Joanne Koong
Jens Axboe
parent
f345be751b
commit
b8201b50e4
|
|
@ -1186,12 +1186,16 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
nbufs = src_ctx->buf_table.nr;
|
nbufs = src_ctx->buf_table.nr;
|
||||||
|
if (!nbufs)
|
||||||
|
return -ENXIO;
|
||||||
if (!arg->nr)
|
if (!arg->nr)
|
||||||
arg->nr = nbufs;
|
arg->nr = nbufs;
|
||||||
else if (arg->nr > nbufs)
|
else if (arg->nr > nbufs)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
else if (arg->nr > IORING_MAX_REG_BUFFERS)
|
else if (arg->nr > IORING_MAX_REG_BUFFERS)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
if (check_add_overflow(arg->nr, arg->src_off, &off) || off > nbufs)
|
||||||
|
return -EOVERFLOW;
|
||||||
if (check_add_overflow(arg->nr, arg->dst_off, &nbufs))
|
if (check_add_overflow(arg->nr, arg->dst_off, &nbufs))
|
||||||
return -EOVERFLOW;
|
return -EOVERFLOW;
|
||||||
if (nbufs > IORING_MAX_REG_BUFFERS)
|
if (nbufs > IORING_MAX_REG_BUFFERS)
|
||||||
|
|
@ -1211,21 +1215,6 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = -ENXIO;
|
|
||||||
nbufs = src_ctx->buf_table.nr;
|
|
||||||
if (!nbufs)
|
|
||||||
goto out_free;
|
|
||||||
ret = -EINVAL;
|
|
||||||
if (!arg->nr)
|
|
||||||
arg->nr = nbufs;
|
|
||||||
else if (arg->nr > nbufs)
|
|
||||||
goto out_free;
|
|
||||||
ret = -EOVERFLOW;
|
|
||||||
if (check_add_overflow(arg->nr, arg->src_off, &off))
|
|
||||||
goto out_free;
|
|
||||||
if (off > nbufs)
|
|
||||||
goto out_free;
|
|
||||||
|
|
||||||
off = arg->dst_off;
|
off = arg->dst_off;
|
||||||
i = arg->src_off;
|
i = arg->src_off;
|
||||||
nr = arg->nr;
|
nr = arg->nr;
|
||||||
|
|
@ -1238,8 +1227,8 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx
|
||||||
} else {
|
} else {
|
||||||
dst_node = io_rsrc_node_alloc(ctx, IORING_RSRC_BUFFER);
|
dst_node = io_rsrc_node_alloc(ctx, IORING_RSRC_BUFFER);
|
||||||
if (!dst_node) {
|
if (!dst_node) {
|
||||||
ret = -ENOMEM;
|
io_rsrc_data_free(ctx, &data);
|
||||||
goto out_free;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
refcount_inc(&src_node->buf->refs);
|
refcount_inc(&src_node->buf->refs);
|
||||||
|
|
@ -1265,10 +1254,6 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx
|
||||||
WARN_ON_ONCE(ctx->buf_table.nr);
|
WARN_ON_ONCE(ctx->buf_table.nr);
|
||||||
ctx->buf_table = data;
|
ctx->buf_table = data;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
out_free:
|
|
||||||
io_rsrc_data_free(ctx, &data);
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue