io_uring: fix fdinfo sqe offsets calculation
authorPavel Begunkov <asml.silence@gmail.com>
Tue, 11 Oct 2022 00:59:57 +0000 (01:59 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 21 Oct 2022 10:39:29 +0000 (12:39 +0200)
commit 00927931cb630bbf8edb6d7f4dadb25139fc5e16 upstream.

Only with the big sqe feature they take 128 bytes per entry, but we
unconditionally advance by 128B. Fix it by using sq_shift.

Fixes: 3b8fdd1dc35e3 ("io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128")
Reported-and-tested-by: syzbot+e5198737e8a2d23d958c@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/8b41287cb75d5efb8fcb5cccde845ddbbadd8372.1665449983.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
io_uring/fdinfo.c

index 6d4cc7a92724f1e4e46d26c73dd40a2deaa8ac46..2ddf321c948939cc4612884ba2d3dcd09c7b15aa 100644 (file)
@@ -95,7 +95,7 @@ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
                sq_idx = READ_ONCE(ctx->sq_array[entry & sq_mask]);
                if (sq_idx > sq_mask)
                        continue;
-               sqe = &ctx->sq_sqes[sq_idx << 1];
+               sqe = &ctx->sq_sqes[sq_idx << sq_shift];
                seq_printf(m, "%5u: opcode:%s, fd:%d, flags:%x, off:%llu, "
                              "addr:0x%llx, rw_flags:0x%x, buf_index:%d "
                              "user_data:%llu",
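Review bot: The bound check `if (sq_idx > sq_mask)` above the changed line validates only the unshifted index, so `sqe = &ctx->sq_sqes[sq_idx << sq_shift];` stays in bounds only if `sq_shift` matches the entry size `sq_sqes` was allocated with, and nothing in the hunk states that invariant. `sq_shift` is assigned outside the hunk; going by the commit message and the Fixes: tag it is presumably non-zero only for IORING_SETUP_SQE128 rings, which should be confirmed against the declaration. Because `sq_idx` is read with READ_ONCE (which suggests the array can change underneath the reader) and the entry is then printed via `seq_printf`, a wrong stride here is an out-of-bounds kernel read, so I would add a comment above the assignment such as `/* sq_idx <= sq_mask checked above; sq_shift is 1 only for SQE128 rings, so the index stays inside sq_sqes */`. The enclosing function `__io_uring_show_fdinfo` starts and ends outside the hunk.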