From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx2.suse.de ([195.135.220.15]:38756 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751094AbdBHCdq (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 7 Feb 2017 21:33:46 -0500
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id B0FFFABCC
        for <linux-fsdevel@vger.kernel.org>; Wed,  8 Feb 2017 02:33:44 +0000 (UTC)
From: Goldwyn Rodrigues <rgoldwyn@suse.de>
To: linux-fsdevel@vger.kernel.org
Cc: Goldwyn Rodrigues <rgoldwyn@suse.com>
Subject: [PATCH] aio: Check for aio_flags
Date: Tue,  7 Feb 2017 20:33:23 -0600
Message-Id: <20170208023323.8962-1-rgoldwyn@suse.de>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

From: Goldwyn Rodrigues <rgoldwyn@suse.com>

aio_flags are not checked when performing io_submit() and
can contain non-conforming values.
Return -EINVAL if they are invalid.

Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>

diff --git a/fs/aio.c b/fs/aio.c
index 428484f..f2dd175 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1521,6 +1521,11 @@ static int io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,
 		return -EINVAL;
 	}
 
+	if (unlikely(iocb->aio_flags & ~IOCB_FLAG_RESFD)) {
+		pr_debug("EINVAL: incorrect flags\n");
+		return -EINVAL;
+	}
+
 	req = aio_get_req(ctx);
 	if (unlikely(!req))
 		return -EAGAIN;