From 9adc6669a60a7ec9e5a4b2b524791b0f4b7f3e66 Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@kernel.dk>
Date: Wed, 10 Sep 2025 09:50:30 -0600
Subject: [PATCH] io_uring: correct size of overflow CQE calculation

If a 32b CQE is required, don't double the size of the overflow struct,
just add the size of the io_uring_cqe addition that is needed. This
avoids allocating too much memory, as the io_overflow_cqe size includes
the list member required to queue them too.

Fixes: e26dca67fde1 ("io_uring: add support for IORING_SETUP_CQE_MIXED")
Reviewed-by: Caleb Sander Mateos <csander@purestorage.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 io_uring/io_uring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 6d62f10416eb..1bfa124565f7 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -756,7 +756,7 @@ static struct io_overflow_cqe *io_alloc_ocqe(struct io_ring_ctx *ctx,
 
 	if (cqe->flags & IORING_CQE_F_32 || ctx->flags & IORING_SETUP_CQE32) {
 		is_cqe32 = true;
-		ocq_size <<= 1;
+		ocq_size += sizeof(struct io_uring_cqe);
 	}
 
 	ocqe = kzalloc(ocq_size, gfp | __GFP_ACCOUNT);