On 2019-01-16 18:49, Jens Axboe wrote:

[...]

+static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
+                                 struct io_uring_params *p)
+{
+       struct io_sq_ring *sq_ring;
+       struct io_cq_ring *cq_ring;
+       size_t size;
+       int ret;
+
+       sq_ring = io_mem_alloc(struct_size(sq_ring, array, p->sq_entries));
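Review bot: p->sq_entries reaches struct_size() in the io_mem_alloc() call with no upper bound visible in this hunk, so the size of the kernel allocation is whatever userspace placed in struct io_uring_params. Validate the entry counts against a fixed maximum (and reject zero) before sizing the rings, and consider charging the ring memory against the caller's locked-memory limit so that repeated setup calls cannot pin an unbounded number of kernel pages.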

It seems that sq_entries and cq_entries are not limited at all.  Can a nasty
app consume a lot of kernel pages by calling io_setup_uring() in a loop,
passing a random number of entries? (Or even better: a decreasing number of
entries, in order to consume all page orders with a minimal number of loops.)

--
Roman
