io_uring/zcrx: use READ_ONCE with user shared RQEs

Refill queue entries are shared with the user space, use READ_ONCE when
reading them.

Fixes: 34a3e60821ab9 ("io_uring/zcrx: implement zerocopy receive pp memory provider");
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c
index 19b287d21f4bdd45c09dab1c29bc1169724a0d34..0461edebb04260294d0e41d4151f81c1d198cf4b 100644 (file)
--- a/io_uring/zcrx.c
+++ b/io_uring/zcrx.c
@@ -927,11 +927,12 @@ static inline bool io_parse_rqe(struct io_uring_zcrx_rqe *rqe,
                                struct io_zcrx_ifq *ifq,
                                struct net_iov **ret_niov)
 {
+       __u64 off = READ_ONCE(rqe->off);
        unsigned niov_idx, area_idx;
        struct io_zcrx_area *area;
 
-       area_idx = rqe->off >> IORING_ZCRX_AREA_SHIFT;
-       niov_idx = (rqe->off & ~IORING_ZCRX_AREA_MASK) >> ifq->niov_shift;
+       area_idx = off >> IORING_ZCRX_AREA_SHIFT;
+       niov_idx = (off & ~IORING_ZCRX_AREA_MASK) >> ifq->niov_shift;
 
        if (unlikely(rqe->__pad || area_idx))
                return false;