It's nonsensical to register a provided buffer ring, if a classic
provided buffer group with the same ID exists. Depending on the order of
which we decide what type to pick, the other type will never get used.
Explicitly disallow it and return an error if this is attempted.
Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
---
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 24d56b2a0637..065ea45de29c 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -12156,9 +12156,11 @@ static int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg)
}
bl = io_buffer_get_list(ctx, reg.bgid);
- if (bl && bl->buf_nr_pages)
- return -EEXIST;
- if (!bl) {
+ if (bl) {
+ /* if mapped buffer ring OR classic exists, don't allow */
+ if (bl->buf_nr_pages || !list_empty(&bl->buf_list))
+ return -EEXIST;
+ } else {
bl = kzalloc(sizeof(*bl), GFP_KERNEL);
if (!bl)
return -ENOMEM;
--
Jens Axboe
