TODO: get rid of extra offset
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
---
 fs/io_uring.c | 13 ++++++++++++-
 include/uapi/linux/io_uring.h | 2 ++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 067cfb3a6e4a..1a4c9e513ac9 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -9207,6 +9207,7 @@ static void *io_uring_validate_mmap_request(struct file *file,
 struct io_ring_ctx *ctx = file->private_data;
 loff_t offset = pgoff << PAGE_SHIFT;
 struct page *page;
+ unsigned long cq_idx;
 void *ptr;
 switch (offset) {
@@ -9218,7 +9219,15 @@ static void *io_uring_validate_mmap_request(struct file *file,
 ptr = ctx->sq_sqes;
 break;
 default:
- return ERR_PTR(-EINVAL);
+ if (offset < IORING_OFF_CQ_RING_EXTRA) return ERR_PTR(-EINVAL);
+ offset -= IORING_OFF_CQ_RING_EXTRA;
+ if (offset % IORING_STRIDE_CQ_RING) return ERR_PTR(-EINVAL);
+ cq_idx = offset / IORING_STRIDE_CQ_RING;
+ if (cq_idx >= ctx->cq_nr) return ERR_PTR(-EINVAL);
+ ptr = ctx->cqs[cq_idx].rings;
 }
 page = virt_to_head_page(ptr);
@@ -9615,6 +9624,8 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
 return 0;
 err:
+ while (ctx->cq_nr > 1)
+ io_mem_free(ctx->cqs[--ctx->cq_nr].rings);
 io_mem_free(ctx->rings);
 ctx->rings = NULL;
 return ret;
diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h
index 92b61ca09ea5..67a97c793de7 100644
--- a/include/uapi/linux/io_uring.h
+++ b/include/uapi/linux/io_uring.h
@@ -203,6 +203,8 @@ enum {
 #define IORING_OFF_SQ_RING 0ULL
 #define IORING_OFF_CQ_RING 0x8000000ULL
 #define IORING_OFF_SQES 0x10000000ULL
+#define IORING_OFF_CQ_RING_EXTRA 0x1200000ULL
+#define IORING_STRIDE_CQ_RING 0x0100000ULL
 /*
 * Filled with the offset for mmap(2)
-- 
2.31.1
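Review bot: In the `default:` branch, `cq_idx == 0` resolves to `ctx->cqs[0].rings`, which — judging by the error-path loop elsewhere in this patch that only frees `cqs[1..]` — is presumably the primary CQ already reachable through `IORING_OFF_CQ_RING`, so the "extra" window maps the same ring a second way. If that aliasing is intended, say so where `cq_idx` is computed, e.g. `/* index 0 is the main CQ ring, also mappable via IORING_OFF_CQ_RING */`; otherwise reject it with `if (!cq_idx || cq_idx >= ctx->cq_nr)`. The lower-bound, stride-alignment and `cq_idx >= ctx->cq_nr` checks are all applied before `cqs[]` is indexed, which is the important property for a user-controlled mmap offset. `io_uring_validate_mmap_request()` starts and ends outside this hunk.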
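Review bot: The new cleanup loop frees `ctx->cqs[--ctx->cq_nr].rings` but leaves the freed pointer in the slot, whereas the main ring two lines below is both freed and reset with `ctx->rings = NULL`; for consistency, and so that any later teardown walking `cqs[]` cannot reach freed memory, clear each slot as it goes: `io_mem_free(ctx->cqs[--ctx->cq_nr].rings); ctx->cqs[ctx->cq_nr].rings = NULL;`. The loop also relies on `cq_nr` counting the main ring as slot 0 and on `cqs[0].rings` being owned by `ctx->rings` rather than allocated separately; that setup is not in this hunk, so it cannot be verified here, and a one-line comment stating the invariant on the loop would help the next reader. `io_allocate_scq_urings()` starts outside the hunk.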
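Review bot: `IORING_OFF_CQ_RING_EXTRA` is `0x1200000ULL`, which is numerically below both `IORING_OFF_CQ_RING` (`0x8000000ULL`) and `IORING_OFF_SQES` (`0x10000000ULL`), so the strided window `IORING_OFF_CQ_RING_EXTRA + idx * IORING_STRIDE_CQ_RING` lands exactly on those two fixed offsets at idx 110 and idx 238; the `switch` in fs/io_uring.c claims them first, so those extra-CQ indices become unreachable rather than aliased, but the layout is surprising and looks like a dropped digit (`0x12000000ULL` would sit above the SQES offset and avoid the collision). If the value is deliberate, the two new defines need a comment — this is UAPI — stating that extra CQ rings are addressed as base plus `idx * IORING_STRIDE_CQ_RING` and what the upper bound on idx is before the window overlaps the fixed offsets. The commit message's own "TODO: get rid of extra offset" suggests the author is aware the layout is provisional, which is worth spelling out in the header itself.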