io_uring: don't allow IORING_SETUP_NO_MMAP rings on highmem pages

On at least arm32, but presumably any arch with highmem, if the
application passes in memory that resides in highmem for the rings,
then we should fail that ring creation. We fail it with -EINVAL, which
is what kernels that don't support IORING_SETUP_NO_MMAP will do as well.

Cc: stable@vger.kernel.org
Fixes: 03d89a2de25b ("io_uring: support for user allocated memory for rings/sqes")
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 783ed0f..d839a80 100644 (file)
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2686,7 +2686,7 @@ static void *__io_uaddr_map(struct page ***pages, unsigned short *npages,
 {
        struct page **page_array;
        unsigned int nr_pages;
-       int ret;
+       int ret, i;
 
        *npages = 0;
 
@@ -2716,6 +2716,20 @@ err:
         */
        if (page_array[0] != page_array[ret - 1])
                goto err;
+
+       /*
+        * Can't support mapping user allocated ring memory on 32-bit archs
+        * where it could potentially reside in highmem. Just fail those with
+        * -EINVAL, just like we did on kernels that didn't support this
+        * feature.
+        */
+       for (i = 0; i < nr_pages; i++) {
+               if (PageHighMem(page_array[i])) {
+                       ret = -EINVAL;
+                       goto err;
+               }
+       }
+
        *pages = page_array;
        *npages = nr_pages;
        return page_to_virt(page_array[0]);