On 1/17/19 5:48 AM, Roman Penyaev wrote:
> On 2019-01-16 18:49, Jens Axboe wrote:
>
> [...]
>
>> +static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>> + struct io_uring_params *p)
>> +{
>> + struct io_sq_ring *sq_ring;
>> + struct io_cq_ring *cq_ring;
>> + size_t size;
>> + int ret;
>> +
>> + sq_ring = io_mem_alloc(struct_size(sq_ring, array, p->sq_entries));
>
> It seems that sq_entries, cq_entries are not limited at all. Can nasty
> app consume a lot of kernel pages calling io_setup_uring() from a loop
> passing random entries number? (or even better: decreasing entries
> number,
> in order to consume all pages orders with min number of loops).
Yes, that's an oversight, we should have a limit in place. I'll add that.
--
Jens Axboe
