io_uring/query: prevent infinite loops

If the query chain forms a cycle, the interface will loop indefinitely.
Make sure it handles fatal signals, so the user can kill the process and
hence break out of the infinite loop.

Fixes: c265ae75f900 ("io_uring: introduce io_uring querying")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/query.c b/io_uring/query.c
index 9eed0f371956a057070127da4d28d97b55cfa3e8..c2183daf5a4685ba4c4129c42ab642098755bc5d 100644 (file)
--- a/io_uring/query.c
+++ b/io_uring/query.c
@@ -88,6 +88,10 @@ int io_query(struct io_ring_ctx *ctx, void __user *arg, unsigned nr_args)
                if (ret)
                        return ret;
                uhdr = u64_to_user_ptr(next_hdr);
+
+               if (fatal_signal_pending(current))
+                       return -EINTR;
+               cond_resched();
        }
        return 0;
 }