io_uring: fix 0-iov read buffer select

commit dd20166236953c8cd14f4c668bf972af32f0c6be upstream.

Doing vectored buf-select read with 0 iovec passed is meaningless and
utterly broken, forbid it.

Cc: <stable@vger.kernel.org> # 5.7+
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index c422f255b51be383202af23214d916d55a9de972..797874f215b1a3891d7a8ab6d086e06a0b2f1036 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3048,9 +3048,7 @@ static ssize_t io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov,
                iov[0].iov_len = kbuf->len;
                return 0;
        }
-       if (!req->rw.len)
-               return 0;
-       else if (req->rw.len > 1)
+       if (req->rw.len != 1)
                return -EINVAL;
 
 #ifdef CONFIG_COMPAT