| From ea91ac8743fd5896fbc297ef4e772ba88fda2b11 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sat, 11 Jul 2020 11:31:11 +0200 |
| Subject: io_uring: fix sq array offset calculation |
| |
| From: Dmitry Vyukov <dvyukov@google.com> |
| |
| [ Upstream commit b36200f543ff07a1cb346aa582349141df2c8068 ] |
| |
| rings_size() sets sq_offset to the total size of the rings (the returned |
| value which is used for memory allocation). This is wrong: sq array should |
| be located within the rings, not after them. Set sq_offset to where it |
| should be. |
| |
| Fixes: 75b28affdd6a ("io_uring: allocate the two rings together") |
| Signed-off-by: Dmitry Vyukov <dvyukov@google.com> |
| Acked-by: Hristo Venev <hristo@venev.name> |
| Cc: io-uring@vger.kernel.org |
| Signed-off-by: Jens Axboe <axboe@kernel.dk> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/io_uring.c | 6 +++--- |
| 1 file changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/fs/io_uring.c b/fs/io_uring.c |
| index 5405362ae35f1..04694f6c30a04 100644 |
| --- a/fs/io_uring.c |
| +++ b/fs/io_uring.c |
| @@ -7139,6 +7139,9 @@ static unsigned long rings_size(unsigned sq_entries, unsigned cq_entries, |
| return SIZE_MAX; |
| #endif |
| |
| + if (sq_offset) |
| + *sq_offset = off; |
| + |
| sq_array_size = array_size(sizeof(u32), sq_entries); |
| if (sq_array_size == SIZE_MAX) |
| return SIZE_MAX; |
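Review bot: `*sq_offset` is now stored at the added `if (sq_offset)` lines, before two failure exits, so it has been written even when rings_size() then returns SIZE_MAX from the `sq_array_size == SIZE_MAX` check or from the `check_add_overflow()` in the next hunk. The removed lines show it was previously stored only after both checks had passed. This is harmless if every caller tests the return value before using the offset, but the callers are not visible here, so I would state the contract at the assignment: `/* sq array starts here, inside the rings; *sq_offset is not valid if SIZE_MAX is returned */`. The same comment records why the store must precede the `off` increment, which is the ordering that keeps the SQ index array inside the allocated region. The body of rings_size() begins outside this hunk.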
| @@ -7146,9 +7149,6 @@ static unsigned long rings_size(unsigned sq_entries, unsigned cq_entries, |
| if (check_add_overflow(off, sq_array_size, &off)) |
| return SIZE_MAX; |
| |
| - if (sq_offset) |
| - *sq_offset = off; |
| - |
| return off; |
| } |
| |
| -- |
| 2.25.1 |
| |