From: Hristo Venev <hristo@venev.name>
To: Dmitry Vyukov <dvyukov@google.com>, axboe@kernel.dk
Cc: necip@google.com, io-uring@vger.kernel.org
Subject: Re: [PATCH] io_uring: fix sq array offset calculation
Date: Sat, 11 Jul 2020 12:37:56 +0300
Message-ID: <dfeb313f261cea8652b0a12144ff4259ecfbd322.camel@venev.name>
In-Reply-To: <20200711093111.2490946-1-dvyukov@google.com>


On Sat, 2020-07-11 at 11:31 +0200, Dmitry Vyukov wrote:
> rings_size() sets sq_offset to the total size of the rings
> (the returned value which is used for memory allocation).
> This is wrong: sq array should be located within the rings,
> not after them. Set sq_offset to where it should be.
> 
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: io-uring@vger.kernel.org
> Cc: Hristo Venev <hristo@venev.name>
> Fixes: 75b28affdd6a ("io_uring: allocate the two rings together")

Oops.

Acked-by: Hristo Venev <hristo@venev.name>

> 
> ---
> This looks so wrong and yet io_uring works.
> So I am either missing something very obvious here,
> or io_uring worked only due to lucky side-effects
> of rounding size to power-of-2 number of pages
> (which gave it enough slack at the end),
> maybe reading/writing some unrelated memory
> with some sizes.
> If I am wrong, please poke my nose into what I am not seeing.
> Otherwise, we probably need to CC stable as well.
> ---
>  fs/io_uring.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index ca8abde48b6c7..c4c3731ed41e9 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -7063,6 +7063,9 @@ static unsigned long rings_size(unsigned
> sq_entries, unsigned cq_entries,
>  		return SIZE_MAX;
>  #endif
>  
> +	if (sq_offset)
> +		*sq_offset = off;
> +
>  	sq_array_size = array_size(sizeof(u32), sq_entries);
>  	if (sq_array_size == SIZE_MAX)
>  		return SIZE_MAX;
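
Review bot: with `*sq_offset = off;` now placed ahead of the `array_size()` and `check_add_overflow()` checks, the out-parameter is written even on the paths that then `return SIZE_MAX`, whereas the old placement only wrote it on success. Either confirm that every caller tests the return value before reading the offset, or keep the value in a local and store it just before `return off;`. A short comment at the store saying that `off` at this point is the start of the sq array inside the allocation would also guard against the ordering being changed back.
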
> @@ -7070,9 +7073,6 @@ static unsigned long rings_size(unsigned
> sq_entries, unsigned cq_entries,
>  	if (check_add_overflow(off, sq_array_size, &off))
>  		return SIZE_MAX;
>  
> -	if (sq_offset)
> -		*sq_offset = off;
> -
>  	return off;
>  }
>  
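
Review bot: the lines removed before `return off;` stored the same value that is returned as the allocation size, so the old sq array offset pointed at the end of the allocation rather than inside it. Given that and the Fixes: tag, the Cc: stable question raised under the `---` should be settled in the tags, and the observation about page rounding hiding the problem would be worth moving above the `---` so it survives in the commit log.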


Thread overview: 14+ messages
2020-07-11  9:31 [PATCH] io_uring: fix sq array offset calculation Dmitry Vyukov
2020-07-11  9:37 ` Hristo Venev [this message]
2020-07-11 15:15 ` Jens Axboe
2020-07-11 15:31   ` Dmitry Vyukov
2020-07-11 15:36     ` Jens Axboe
2020-07-11 15:47       ` Jens Axboe
2020-07-11 15:52     ` Hristo Venev
2020-07-11 15:55       ` Jens Axboe
2020-07-11 15:56       ` Hristo Venev
2020-07-11 16:16       ` Dmitry Vyukov
2020-07-17 13:48         ` Dmitry Vyukov
2020-07-17 14:05           ` Jens Axboe
2020-07-17 14:08             ` Jens Axboe
2020-07-17 14:08             ` Dmitry Vyukov
