On Sat, 18 Feb 2023 18:41:41 +0000, Wojciech Lukowicz wrote:
> Using struct_size() to calculate the size of io_uring_buf_ring will sum
> the size of the struct and of the bufs array. However, the struct's fields
> are overlaid with the array making the calculated size larger than it
> should be.
>
> When registering a ring with N * PAGE_SIZE / sizeof(struct io_uring_buf)
> entries, i.e. with fully filled pages, the calculated size will span one
> more page than it should and io_uring will try to pin the following page.
> Depending on how the application allocated the ring, it might succeed
> using an unrelated page or fail returning EFAULT.
>
> [...]
Applied, thanks!
[1/1] io_uring: fix size calculation when registering buf ring
commit: 8318ba8fbd645d269f2e9a590f72f8bad8b5c295
Best regards,
--
Jens Axboe
