From 2fcabce2d7d34f69a888146dab15b36a917f09d4 Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@kernel.dk>
Date: Wed, 18 May 2022 15:34:37 -0600
Subject: [PATCH] io_uring: disallow mixed provided buffer group registrations
Git-commit: 2fcabce2d7d34f69a888146dab15b36a917f09d4
Patch-mainline: v5.19-rc1
References: bsc#1205205

It's nonsensical to register a provided buffer ring, if a classic
provided buffer group with the same ID exists. Depending on the order of
which we decide what type to pick, the other type will never get used.
Explicitly disallow it and return an error if this is attempted.

Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de>
---
 fs/io_uring.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 8fc3dd49bc04..0bc5fbf64e49 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -12157,9 +12157,11 @@ static int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg)
 	}
 
 	bl = io_buffer_get_list(ctx, reg.bgid);
-	if (bl && bl->buf_nr_pages)
-		return -EEXIST;
-	if (!bl) {
+	if (bl) {
+		/* if mapped buffer ring OR classic exists, don't allow */
+		if (bl->buf_nr_pages || !list_empty(&bl->buf_list))
+			return -EEXIST;
+	} else {
 		bl = kzalloc(sizeof(*bl), GFP_KERNEL);
 		if (!bl)
 			return -ENOMEM;
-- 
2.35.3