Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1907885rwr; Fri, 28 Apr 2023 03:37:25 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5dMykNE34gp7ISvhgEvhKv0aw1RTVrRQPTvjzMjE8pDZP8nRTad6stCXJ+C3SR+RHYztVP X-Received: by 2002:a17:90b:1b0c:b0:247:a53e:97a1 with SMTP id nu12-20020a17090b1b0c00b00247a53e97a1mr4899468pjb.28.1682678245152; Fri, 28 Apr 2023 03:37:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682678245; cv=none; d=google.com; s=arc-20160816; b=z/3BJ1GVkDxsRBPjbtsDZfEfqs+/KI1BuTM0Gkq1iskPRvQS8PfdxuITEA/DTIKzx6 OHuxQFwqXYcuPGW4UpqwiGLAJJ8e55BpKCVj+m9NdQKOWWnqFN95V5N0VWAKsNybmugA tzs3p6iUH0w3ZyTs8PPl+DkV2fs5ZHYLQwhvNfnh+Q5Z9d8IR9ewL1cU0om83jLZavA7 7tDhrxrjtgJs8wQkt1y3xs5x7dv7JtXVCMbWCbA2eV/RFukhcrdS7mEU+1x/xlJ2eWeo 3lP5RZtfXohzCHkx35lIjIbnTgyKBGzqhAOmNd+yI0+5lSu8JW8N+eyREs5qSl1g72Jv bP8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id; bh=xfJ7iSZYcPSKGLYrHT7QZ7tjBZYyHBPsbZrZH/FBXos=; b=Wb2ovSdTSf41u1Qg4f43NokqID97wFZ6nUXG6L78N1HPy8LfTQDY009HYISXzN0cha tfMSVxmF4AudTcSfRw0zlpHvkqfMVnr1JOy1EatbaCOPZjX0HLNJImHv0fyYtWCasvP6 t6JVoLNr2mZnCYg3yopLo3EYVtjomwQ5aUJ+lzYiDgJixiJfU8TdzD+ij6JGiEstHepq 1dG/mqzUXakcslNCukp3ZcdxbqNokX+dvqjTe76JXprXsbY6g+48Nd3rl+3vsKmCAO24 QTfUGwzcqjq0V4eEyZCECMbD+DeG+V3Gs/NrAy1f9MeaaCx+3clYt+vTK/RzFOFQcbNw JPdQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fs14-20020a17090af28e00b0024780bdd76dsi1895079pjb.130.2023.04.28.03.37.13; Fri, 28 Apr 2023 03:37:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345832AbjD1K3r (ORCPT + 99 others); Fri, 28 Apr 2023 06:29:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230302AbjD1K3n (ORCPT ); Fri, 28 Apr 2023 06:29:43 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 95C601FCA; Fri, 28 Apr 2023 03:29:42 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 42338C14; Fri, 28 Apr 2023 03:30:26 -0700 (PDT) Received: from [10.57.57.22] (unknown [10.57.57.22]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3CDB23F64C; Fri, 28 Apr 2023 03:29:41 -0700 (PDT) Message-ID: <002c3a2a-df57-1997-1739-9675a6c8dd46@arm.com> Date: Fri, 28 Apr 2023 11:29:40 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 Subject: Re: [PATCH] io_uring/kbuf: Fix size for shared buffer ring To: Jens Axboe , io-uring@vger.kernel.org Cc: asml.silence@gmail.com, kevin.brodsky@arm.com, linux-kernel@vger.kernel.org References: <20230427143142.3013020-1-tudor.cretu@arm.com> <03b13c8f-0f4c-0692-b2f0-e90d7877e327@kernel.dk> Content-Language: en-US From: Tudor Cretu In-Reply-To: <03b13c8f-0f4c-0692-b2f0-e90d7877e327@kernel.dk> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 27-04-2023 19:42, Jens Axboe wrote: > On 4/27/23 8:31 AM, Tudor Cretu wrote: >> The size of the ring is the product of ring_entries and the size of >> struct io_uring_buf. Using struct_size is equivalent to >> (ring_entries + 1) * sizeof(struct io_uring_buf) >> and generates an off-by-one error. Fix it by using size_mul directly. >> >> Signed-off-by: Tudor Cretu >> --- >> io_uring/kbuf.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c >> index 4a6401080c1f..9770757c89a0 100644 >> --- a/io_uring/kbuf.c >> +++ b/io_uring/kbuf.c >> @@ -505,7 +505,7 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) >> } >> >> pages = io_pin_pages(reg.ring_addr, >> - struct_size(br, bufs, reg.ring_entries), >> + size_mul(sizeof(struct io_uring_buf), reg.ring_entries), >> &nr_pages); >> if (IS_ERR(pages)) { >> kfree(free_bl); > > Looking into this again, and some bells ringing in the back of my head, > we do have: > > commit 48ba08374e779421ca34bd14b4834aae19fc3e6a > Author: Wojciech Lukowicz > Date: Sat Feb 18 18:41:41 2023 +0000 > > io_uring: fix size calculation when registering buf ring > > which should have fixed that issue. What kernel version are you looking at? Hi Jens, Thank you for your message. Indeed I was looking at a slightly older version of the kernel. Apologies for the noise! Kind regards, Tudor >