io_uring/timeout: check unused sqe fields
authorPavel Begunkov <asml.silence@gmail.com>
Mon, 2 Mar 2026 13:10:34 +0000 (13:10 +0000)
committerJens Axboe <axboe@kernel.dk>
Mon, 9 Mar 2026 13:21:54 +0000 (07:21 -0600)
Zero check unused SQE fields addr3 and pad2 for timeout and timeout
update requests. They're not needed now, but could be used sometime
in the future.

Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
io_uring/timeout.c

index cb61d4862fc65c00bfe5fcc8577d34971a2b6406..e3815e3465dde53174f6e464f448fa2ca40231c3 100644 (file)
@@ -449,6 +449,8 @@ int io_timeout_remove_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
 
        if (unlikely(req->flags & (REQ_F_FIXED_FILE | REQ_F_BUFFER_SELECT)))
                return -EINVAL;
+       if (sqe->addr3 || sqe->__pad2[0])
+               return -EINVAL;
        if (sqe->buf_index || sqe->len || sqe->splice_fd_in)
                return -EINVAL;
 
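Review bot: The two added lines in io_timeout_remove_prep turn previously ignored SQE bytes into a hard -EINVAL, and nothing in the code says why, so a later reader cannot tell a reserved-field guard from an arbitrary restriction. A short comment above the check would do, for example `/* reserved: must be zero so addr3/__pad2 can be given meaning later */`; the same applies to the identical check in __io_timeout_prep. Because the commit is tagged for stable, callers that build SQEs by hand without zeroing them would presumably start failing after the backport, which may be worth stating in the description. The function body starts and ends outside this hunk.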
@@ -521,6 +523,8 @@ static int __io_timeout_prep(struct io_kiocb *req,
        unsigned flags;
        u32 off = READ_ONCE(sqe->off);
 
+       if (sqe->addr3 || sqe->__pad2[0])
+               return -EINVAL;
        if (sqe->buf_index || sqe->len != 1 || sqe->splice_fd_in)
                return -EINVAL;
        if (off && is_timeout_link)
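Review bot: The check added at the top of __io_timeout_prep sits in a helper that takes `is_timeout_link`, so it presumably validates linked timeouts as well, while the description names only timeout and timeout update requests. If that is intended, saying so in the commit message or in a comment such as `/* applies to IORING_OP_TIMEOUT and IORING_OP_LINK_TIMEOUT */` would make the scope of the stricter validation clear to anyone assessing the stable backport. The function continues past the end of this hunk.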