[LTP] io_uring/pintheft: Add CVE-2026-43494 regression test

linuxtestproject.agent@gmail.com linuxtestproject.agent@gmail.com
Sat May 23 18:17:11 CEST 2026 

Hi Sebastian,

On Sat, 23 May 2026 17:10:45 +0200, Sebastian Chlad wrote:
> io_uring/pintheft: Add CVE-2026-43494 regression test

> Author: Sebastian Chlad <sebastianchlad@gmail.com>
> Signed-off-by: Sebastian Chlad <sebastian.chlad@suse.com>

Author email and Signed-off-by email don't match. The DCO requires the
SOB identity to match the commit author. Please rebase with a consistent
identity (likely the corporate address throughout, or vice versa).

[...]

> +/* Argument for IORING_REGISTER_CLONE_BUFFERS */
> +#ifndef HAVE_STRUCT_IO_URING_CLONE_BUFFERS_ARG
> +struct io_uring_clone_buffers_arg {
> +       uint32_t src_fd;
> +       uint32_t flags;
> +       uint32_t pad[6];
> +};
> +#endif

The HAVE_STRUCT_IO_URING_CLONE_BUFFERS_ARG guard is never set because
there is no corresponding AC_CHECK_TYPES entry in configure.ac. See e.g.
the struct futex_waitv pattern:

  AC_CHECK_TYPES([struct futex_waitv],,,[#include <linux/futex.h>])

Without it the guard is dead and on a kernel that defines this struct
under the same name you'll get a redefinition error. Please add:

  AC_CHECK_TYPES([struct io_uring_clone_buffers_arg],,,
                 [#include <linux/io_uring.h>])

Also: the upstream kernel uapi defines this as struct io_uring_clone_buffers
(no _arg suffix). If that is still the name in 7.1, the struct name and
guard in lapi need to match (io_uring_clone_buffers /
HAVE_STRUCT_IO_URING_CLONE_BUFFERS) so the fallback fires correctly on
older headers and doesn't shadow the system definition on newer ones. ⚠️
Please verify against the 7.1 uapi header.

[...]

> +#define GUP_PIN_COUNTING_BIAS	1024
> +
> +
> +static int ring_fd1 = -1;

Double blank line. One blank line between a macro block and the variable
declarations is enough.

[...]

---
Note:

Our agent completed the review of the patch. The full review can be
found at: (not set)

The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.

Regards,
LTP AI Reviewer
```

More information about the ltp mailing list