Skip to content

Commit 6b47d35

Browse files
axboebrauner
axboe
authored and
brauner
committed
eventpoll: abstract out parameter sanity checking
Add a helper that checks the validity of the file descriptor and other parameters passed in to epoll_wait(). Signed-off-by: Jens Axboe <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Christian Brauner <[email protected]>
1 parent 2014c95 commit 6b47d35

File tree

1 file changed

+25
-14
lines changed

1 file changed

+25
-14
lines changed

fs/eventpoll.c

Lines changed: 25 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -2445,6 +2445,27 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
24452445
return do_epoll_ctl(epfd, op, fd, &epds, false);
24462446
}
24472447

2448+
static int ep_check_params(struct file *file, struct epoll_event __user *evs,
2449+
int maxevents)
2450+
{
2451+
/* The maximum number of event must be greater than zero */
2452+
if (maxevents <= 0 || maxevents > EP_MAX_EVENTS)
2453+
return -EINVAL;
2454+
2455+
/* Verify that the area passed by the user is writeable */
2456+
if (!access_ok(evs, maxevents * sizeof(struct epoll_event)))
2457+
return -EFAULT;
2458+
2459+
/*
2460+
* We have to check that the file structure underneath the fd
2461+
* the user passed to us _is_ an eventpoll file.
2462+
*/
2463+
if (!is_file_epoll(file))
2464+
return -EINVAL;
2465+
2466+
return 0;
2467+
}
2468+
24482469
/*
24492470
* Implement the event wait interface for the eventpoll file. It is the kernel
24502471
* part of the user space epoll_wait(2).
@@ -2453,26 +2474,16 @@ static int do_epoll_wait(int epfd, struct epoll_event __user *events,
24532474
int maxevents, struct timespec64 *to)
24542475
{
24552476
struct eventpoll *ep;
2456-
2457-
/* The maximum number of event must be greater than zero */
2458-
if (maxevents <= 0 || maxevents > EP_MAX_EVENTS)
2459-
return -EINVAL;
2460-
2461-
/* Verify that the area passed by the user is writeable */
2462-
if (!access_ok(events, maxevents * sizeof(struct epoll_event)))
2463-
return -EFAULT;
2477+
int ret;
24642478

24652479
/* Get the "struct file *" for the eventpoll file */
24662480
CLASS(fd, f)(epfd);
24672481
if (fd_empty(f))
24682482
return -EBADF;
24692483

2470-
/*
2471-
* We have to check that the file structure underneath the fd
2472-
* the user passed to us _is_ an eventpoll file.
2473-
*/
2474-
if (!is_file_epoll(fd_file(f)))
2475-
return -EINVAL;
2484+
ret = ep_check_params(fd_file(f), events, maxevents);
2485+
if (unlikely(ret))
2486+
return ret;
24762487

24772488
/*
24782489
* At this point it is safe to assume that the "private_data" contains

0 commit comments

Comments
 (0)