io_uring/nop: ensure nop->fd is always initialized

A previous commit added file support for nop, but it only initializes
nop->fd if IORING_NOP_FIXED_FILE is set. That check should be
IORING_NOP_FILE. Fix up the condition in nop preparation, and initialize
it to a sane value even if we're not going to be directly using it.

While in there, do the same thing for the nop->buffer field.

Reported-by: syzbot+9a8500a45c2cabdf9577@syzkaller.appspotmail.com
Fixes: a85f31052bce ("io_uring/nop: add support for testing registered files and buffers")
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/nop.c b/io_uring/nop.c
index 6d470d4251eef96ecf9e3b77c44388d3112901f4..5e5196df650a19e032e53594db6f1d1bea71c5f2 100644 (file)
--- a/io_uring/nop.c
+++ b/io_uring/nop.c
@@ -35,10 +35,14 @@ int io_nop_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
                nop->result = READ_ONCE(sqe->len);
        else
                nop->result = 0;
-       if (nop->flags & IORING_NOP_FIXED_FILE)
+       if (nop->flags & IORING_NOP_FILE)
                nop->fd = READ_ONCE(sqe->fd);
+       else
+               nop->fd = -1;
        if (nop->flags & IORING_NOP_FIXED_BUFFER)
                nop->buffer = READ_ONCE(sqe->buf_index);
+       else
+               nop->buffer = -1;
        return 0;
 }