Re: [PATCH] io_uring: propagate array_index_nospec opcode into req->opcode

Next message: Michael Bommarito: "[PATCH net] xfrm: ah: use skb_to_full_sk in async output callbacks"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 2/4] dt-bindings: phy: qcom,msm8998-qmp-usb3-phy: Add support for Shikra"
In reply to: Jens Axboe: "Re: [PATCH] io_uring: propagate array_index_nospec opcode into req-&gt;opcode"
Next in thread: Jens Axboe: "Re: [PATCH] io_uring: propagate array_index_nospec opcode into req-&gt;opcode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Keith Busch

Date: Fri May 15 2026 - 12:29:03 EST

On Fri, May 15, 2026 at 10:58:11AM -0400, Michael Bommarito wrote:
> The compiled change is one instruction (a single mov of the clamped
> byte to req->opcode); the cmp/sbb/and clamp triplet is unchanged.
> No functional change: array_index_nospec() is a no-op for opcodes in
> [0, IORING_OP_LAST), and out-of-range opcodes are still rejected at
> the bounds check above this assignment.

Since the bounds check above already catches an invalid opcode, why does
it need to be re-initialized to the clamped value? Surely it's already
the same value if we've taken this path, no?