@@ -3239,6 +3239,7 @@ static int io_validate_ext_arg(unsigned flags, const void __user *argp, size_t a
static int io_get_ext_arg(unsigned flags, const void __user *argp,
struct ext_arg *ext_arg)
{
+ const struct io_uring_getevents_arg __user *uarg = argp;
struct io_uring_getevents_arg arg;
/*
@@ -3256,8 +3257,19 @@ static int io_get_ext_arg(unsigned flags, const void __user *argp,
*/
if (ext_arg->argsz != sizeof(arg))
return -EINVAL;
- if (copy_from_user(&arg, argp, sizeof(arg)))
+ if (!user_access_begin(uarg, sizeof(*uarg)))
return -EFAULT;
+#ifdef CONFIG_64BIT
+ unsafe_get_user(arg.sigmask, &uarg->sigmask, uaccess_end);
+ unsafe_get_user(arg.ts, &uarg->ts, uaccess_end);
+#else
+ unsafe_copy_from_user(&arg.sigmask, &uarg->sigmask, sizeof(arg.sigmask),
+ uaccess_end);
+ unsafe_copy_from_user(&arg.ts, &uarg->ts, sizeof(arg.ts), uaccess_end);
+#endif
+ unsafe_get_user(arg.min_wait_usec, &uarg->min_wait_usec, uaccess_end);
+ unsafe_get_user(arg.sigmask_sz, &uarg->sigmask_sz, uaccess_end);
+ user_access_end();
ext_arg->min_time = arg.min_wait_usec * NSEC_PER_USEC;
ext_arg->sig = u64_to_user_ptr(arg.sigmask);
ext_arg->argsz = arg.sigmask_sz;
@@ -3267,6 +3279,9 @@ static int io_get_ext_arg(unsigned flags, const void __user *argp,
ext_arg->ts_set = true;
}
return 0;
+uaccess_end:
+ user_access_end();
+ return -EFAULT;
}
SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,