[PATCH 6/6] io_uring/register: fix ring resizing with mixed/large SQEs/CQEs

public inbox for io-uring@vger.kernel.org
 help / color / mirror / Atom feed

From: Jens Axboe <axboe@kernel.dk>
To: io-uring@vger.kernel.org
Cc: Jens Axboe <axboe@kernel.dk>, stable@kernel.org
Subject: [PATCH 6/6] io_uring/register: fix ring resizing with mixed/large SQEs/CQEs
Date: Tue, 21 Apr 2026 07:51:43 -0600	[thread overview]
Message-ID: <20260421135626.581917-7-axboe@kernel.dk> (raw)
In-Reply-To: <20260421135626.581917-1-axboe@kernel.dk>

The ring resizing only properly handles "normal" sized SQEs or CQEs, if
there are pending entries around a resize. This normally should not be
the case, but the code is supposed to handle this regardless.

For the mixed SQE/CQE cases, the current copying works fine as they
are indexed in the same way. Each half is just copied separately. But
for fixed large SQEs and CQEs, the iteration and copy need to take that
into account.

Cc: stable@kernel.org
Fixes: 79cfe9e59c2a ("io_uring/register: add IORING_REGISTER_RESIZE_RINGS")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 io_uring/register.c | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/io_uring/register.c b/io_uring/register.c
index 24e593332d1a..dce5e2f9cf77 100644
--- a/io_uring/register.c
+++ b/io_uring/register.c
@@ -599,10 +599,20 @@ static int io_register_resize_rings(struct io_ring_ctx *ctx, void __user *arg)
 	if (tail - old_head > p->sq_entries)
 		goto overflow;
 	for (i = old_head; i < tail; i++) {
-		unsigned src_head = i & (ctx->sq_entries - 1);
-		unsigned dst_head = i & (p->sq_entries - 1);
-
-		n.sq_sqes[dst_head] = o.sq_sqes[src_head];
+		unsigned index, dst_mask, src_mask;
+		size_t sq_size;
+
+		index = i;
+		sq_size = sizeof(struct io_uring_sqe);
+		src_mask = ctx->sq_entries - 1;
+		dst_mask = p->sq_entries - 1;
+		if (ctx->flags & IORING_SETUP_SQE128) {
+			index <<= 1;
+			sq_size <<= 1;
+			src_mask = (ctx->sq_entries << 1) - 1;
+			dst_mask = (p->sq_entries << 1) - 1;
+		}
+		memcpy(&n.sq_sqes[index & dst_mask], &o.sq_sqes[index & src_mask], sq_size);
 	}
 	WRITE_ONCE(n.rings->sq.head, old_head);
 	WRITE_ONCE(n.rings->sq.tail, tail);
@@ -619,10 +629,20 @@ static int io_register_resize_rings(struct io_ring_ctx *ctx, void __user *arg)
 		goto out;
 	}
 	for (i = old_head; i < tail; i++) {
-		unsigned src_head = i & (ctx->cq_entries - 1);
-		unsigned dst_head = i & (p->cq_entries - 1);
-
-		n.rings->cqes[dst_head] = o.rings->cqes[src_head];
+		unsigned index, dst_mask, src_mask;
+		size_t cq_size;
+
+		index = i;
+		cq_size = sizeof(struct io_uring_cqe);
+		src_mask = ctx->cq_entries - 1;
+		dst_mask = p->cq_entries - 1;
+		if (ctx->flags & IORING_SETUP_CQE32) {
+			index <<= 1;
+			cq_size <<= 1;
+			src_mask = (ctx->cq_entries << 1) - 1;
+			dst_mask = (p->cq_entries << 1) - 1;
+		}
+		memcpy(&n.rings->cqes[index & dst_mask], &o.rings->cqes[index & src_mask], cq_size);
 	}
 	WRITE_ONCE(n.rings->cq.head, old_head);
 	WRITE_ONCE(n.rings->cq.tail, tail);
-- 
2.53.0

next prev parent reply	other threads:[~2026-04-21 13:56 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-21 13:51 [PATCHSET 0/6] Various bug fixes Jens Axboe
2026-04-21 13:51 ` [PATCH 1/6] io_uring: fix spurious fput in registered ring path Jens Axboe
2026-04-21 17:05   ` Gabriel Krisman Bertazi
2026-04-21 13:51 ` [PATCH 2/6] io_uring/rsrc: unify nospec indexing for direct descriptors Jens Axboe
2026-04-21 17:09   ` Gabriel Krisman Bertazi
2026-04-21 13:51 ` [PATCH 3/6] io_uring/rsrc: use kvfree() for the imu cache Jens Axboe
2026-04-21 13:51 ` [PATCH 4/6] io_uring/rw: add defensive hardening for negative kbuf lengths Jens Axboe
2026-04-21 17:10   ` Gabriel Krisman Bertazi
2026-04-21 13:51 ` [PATCH 5/6] io_uring/futex: ensure partial wakes are appropriately dequeued Jens Axboe
2026-04-21 17:11   ` Gabriel Krisman Bertazi
2026-04-21 13:51 ` Jens Axboe [this message]
2026-04-21 17:12   ` [PATCH 6/6] io_uring/register: fix ring resizing with mixed/large SQEs/CQEs Gabriel Krisman Bertazi

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:24e593332d1 dfblob:dce5e2f9cf7 )
 OR (
bs:"[PATCH 6/6] io_uring/register: fix ring resizing with mixed/large SQEs/CQEs" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260421135626.581917-7-axboe@kernel.dk \
    --to=axboe@kernel.dk \
    --cc=io-uring@vger.kernel.org \
    --cc=stable@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox