On Fri, Apr 06, 2018 at 04:16:30AM +0100, Al Viro wrote: > BTW, this is only tangentially related, but... does *anything* call > io_submit() for huge amounts of iocb? Check in do_io_submit() is > insane - "no more than MAX_LONG total of _pointers_". Compat variant > goes for "no more than a page worth of pointers" and there's > a hard limit in ioctx_alloc() - we can't ever get more than > 8M slots in ring buffer... Logical upper bound for io_submit is nr_events passed to io_setup(), which is bound by aio_max_nr. Except that we never actually check against nr_events (or max_reqs as it is known in kernel) in io_submit. Sigh..
