linux/io_uring
Wojciech Lukowicz 48ba08374e io_uring: fix size calculation when registering buf ring
Using struct_size() to calculate the size of io_uring_buf_ring will sum
the size of the struct and of the bufs array. However, the struct's fields
are overlaid with the array making the calculated size larger than it
should be.

When registering a ring with N * PAGE_SIZE / sizeof(struct io_uring_buf)
entries, i.e. with fully filled pages, the calculated size will span one
more page than it should and io_uring will try to pin the following page.
Depending on how the application allocated the ring, it might succeed
using an unrelated page or fail returning EFAULT.

The size of the ring should be the product of ring_entries and the size
of io_uring_buf, i.e. the size of the bufs array only.

Fixes: c7fb19428d ("io_uring: add support for ring mapped supplied buffers")
Signed-off-by: Wojciech Lukowicz <wlukowicz01@gmail.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
Link: https://lore.kernel.org/r/20230218184141.70891-1-wlukowicz01@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-02-22 09:57:23 -07:00
..
advise.c io_uring: always go async for unsupported fadvise flags 2023-01-29 15:18:26 -07:00
advise.h
alloc_cache.h
cancel.c io_uring/cancel: re-grab ctx mutex after finishing wait 2022-12-21 13:31:40 -07:00
cancel.h
epoll.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
epoll.h
fdinfo.c io_uring/fdinfo: include locked hash table in fdinfo output 2023-01-10 10:24:52 -07:00
fdinfo.h
filetable.c io_uring/filetable: fix file reference underflow 2022-11-25 06:54:46 -07:00
filetable.h io_uring: kill hot path fixed file bitmap debug checks 2022-10-16 17:07:53 -06:00
fs.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
fs.h
io_uring.c io_uring: rename 'in_idle' to 'in_cancel' 2023-02-22 09:57:23 -07:00
io_uring.h io_uring: mark task TASK_RUNNING before handling resume/task work 2023-02-06 08:23:21 -07:00
io-wq.c io_uring/io-wq: only free worker if it was allocated for creation 2023-01-08 10:39:17 -07:00
io-wq.h
kbuf.c io_uring: fix size calculation when registering buf ring 2023-02-22 09:57:23 -07:00
kbuf.h io_uring: allow buffer recycling in READV 2022-09-21 10:30:43 -06:00
Makefile
msg_ring.c io_uring/msg-ring: ensure flags passing works for task_work completions 2023-01-29 15:17:41 -07:00
msg_ring.h io_uring: get rid of double locking 2022-12-07 06:47:13 -07:00
net.c for-6.3/iter-ubuf-2023-02-16 2023-02-20 14:03:57 -08:00
net.h io_uring/net: zerocopy sendmsg 2022-09-21 13:15:02 -06:00
nop.c
nop.h
notif.c io_uring: refactor req allocation 2023-01-29 15:17:41 -07:00
notif.h io_uring: move zc reporting from the hot path 2022-11-21 07:38:31 -07:00
opdef.c io_uring,audit: don't log IORING_OP_MADVISE 2023-02-10 16:00:30 -07:00
opdef.h io_uring: Split io_issue_def struct 2023-01-29 15:17:41 -07:00
openclose.c io_uring: always go async for unsupported open flags 2023-01-29 15:18:26 -07:00
openclose.h
poll.c io_uring: Rename struct io_op_def 2023-01-29 15:17:41 -07:00
poll.h
refs.h
rsrc.c io_uring/rsrc: fix a comment in io_import_fixed() 2023-02-22 09:57:23 -07:00
rsrc.h io_uring: use tw for putting rsrc 2022-12-07 06:47:13 -07:00
rw.c for-6.3/iter-ubuf-2023-02-16 2023-02-20 14:03:57 -08:00
rw.h io_uring/rw: don't lose partial IO result on fail 2022-09-21 13:15:02 -06:00
slist.h
splice.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
splice.h
sqpoll.c io_uring: make io_sqpoll_wait_sq return void 2023-01-29 15:17:40 -07:00
sqpoll.h io_uring: make io_sqpoll_wait_sq return void 2023-01-29 15:17:40 -07:00
statx.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
statx.h
sync.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
sync.h
tctx.c io_uring: rename 'in_idle' to 'in_cancel' 2023-02-22 09:57:23 -07:00
tctx.h io_uring: simplify __io_uring_add_tctx_node 2022-10-07 12:25:30 -06:00
timeout.c io_uring: ease timeout flush locking requirements 2022-12-14 08:53:35 -07:00
timeout.h io_uring: remove unused return from io_disarm_next 2022-09-21 13:15:01 -06:00
uring_cmd.c io_uring: iopoll protect complete_post 2022-11-23 10:45:31 -07:00
uring_cmd.h
xattr.c io_uring: for requests that require async, force it 2023-01-29 15:18:26 -07:00
xattr.h