io_uring: Fix NULL pointer dereference in loop_rw_iter()

[linux-2.6-microblaze.git] / fs / io_uring.c

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 5e1c08e..8f96566 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3066,7 +3066,10 @@ static int io_iter_do_read(struct io_kiocb *req, struct iov_iter *iter)
 {
        if (req->file->f_op->read_iter)
                return call_read_iter(req->file, &req->rw.kiocb, iter);
-       return loop_rw_iter(READ, req->file, &req->rw.kiocb, iter);
+       else if (req->file->f_op->read)
+               return loop_rw_iter(READ, req->file, &req->rw.kiocb, iter);
+       else
+               return -EINVAL;
 }
 
 static int io_read(struct io_kiocb *req, bool force_nonblock,
@@ -3203,8 +3206,10 @@ static int io_write(struct io_kiocb *req, bool force_nonblock,
 
        if (req->file->f_op->write_iter)
                ret2 = call_write_iter(req->file, kiocb, &iter);
-       else
+       else if (req->file->f_op->write)
                ret2 = loop_rw_iter(WRITE, req->file, kiocb, &iter);
+       else
+               ret2 = -EINVAL;
 
        /*
         * Raw bdev writes will return -EOPNOTSUPP for IOCB_NOWAIT. Just