io_uring/kbuf: align legacy buffer add limit with MAX_BIDS_PER_BGID

io_provide_buffers_prep() accepts nbufs up to MAX_BIDS_PER_BGID, but io_add_buffers() stops when bl->nbufs reaches USHRT_MAX. This makes the effective add limit one lower than the validated limit. Use MAX_BIDS_PER_BGID in the add-side boundary check so validation and execution use the same limit, and update the comment to refer to the actual limit constant. Signed-off-by: liyouhong <liyouhong@kylinos.cn> Link: https://patch.msgid.link/20260528024936.3672659-1-dayou5941@163.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: liyouhong <liyouhong@kylinos.cn> 2026-05-28 10:49:36 +0800
committer: Jens Axboe <axboe@kernel.dk> 2026-05-28 08:02:57 -0600
commit: ca55f98d6ff1ecb31a07b668a8d105b4e0829c6a (patch)
tree: 43aeb248784c43a87b53fe5db22994caec4543b7
parent: 6935f631465f5f60205978a59228a26db4723d51 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
index dd54e43e9ddf..7a1c65f631c2 100644
--- a/io_uring/kbuf.c
+++ b/io_uring/kbuf.c
@@ -541,11 +541,11 @@ static int io_add_buffers(struct io_ring_ctx *ctx, struct io_provide_buf *pbuf,
 
 	for (i = 0; i < pbuf->nbufs; i++) {
 		/*
-		 * Nonsensical to have more than sizeof(bid) buffers in a
+		 * Nonsensical to have more than MAX_BIDS_PER_BGID buffers in a
 		 * buffer list, as the application then has no way of knowing
 		 * which duplicate bid refers to what buffer.
 		 */
-		if (bl->nbufs == USHRT_MAX) {
+		if (bl->nbufs == MAX_BIDS_PER_BGID) {
 			ret = -EOVERFLOW;
 			break;
 		}
author	liyouhong <liyouhong@kylinos.cn>	2026-05-28 10:49:36 +0800
committer	Jens Axboe <axboe@kernel.dk>	2026-05-28 08:02:57 -0600
commit	ca55f98d6ff1ecb31a07b668a8d105b4e0829c6a (patch)
tree	43aeb248784c43a87b53fe5db22994caec4543b7
parent	6935f631465f5f60205978a59228a26db4723d51 (diff)