io_uring: fix 0-iov read buffer select

Doing vectored buf-select read with 0 iovec passed is meaningless and
utterly broken, forbid it.

Cc: <stable@vger.kernel.org> # 5.7+
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index b749578..f3690df 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3125,9 +3125,7 @@ static ssize_t io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov,
                iov[0].iov_len = kbuf->len;
                return 0;
        }
-       if (!req->rw.len)
-               return 0;
-       else if (req->rw.len > 1)
+       if (req->rw.len != 1)
                return -EINVAL;
 
 #ifdef CONFIG_COMPAT