From: Caleb Sander Mateos <csander@purestorage.com>
To: Ming Lei <ming.lei@redhat.com>, Jens Axboe <axboe@kernel.dk>,
Shuah Khan <shuah@kernel.org>
Cc: linux-block@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org,
Stanley Zhang <stazhang@purestorage.com>,
Uday Shankar <ushankar@purestorage.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Caleb Sander Mateos <csander@purestorage.com>
Subject: [PATCH v3 08/19] ublk: move offset check out of __ublk_check_and_get_req()
Date: Mon, 5 Jan 2026 17:57:40 -0700 [thread overview]
Message-ID: <20260106005752.3784925-9-csander@purestorage.com> (raw)
In-Reply-To: <20260106005752.3784925-1-csander@purestorage.com>
__ublk_check_and_get_req() checks that the passed in offset is within
the data length of the specified ublk request. However, only user copy
(ublk_check_and_get_req()) supports accessing ublk request data at a
nonzero offset. Zero-copy buffer registration (ublk_register_io_buf())
always passes 0 for the offset, so the check is unnecessary. Move the
check from __ublk_check_and_get_req() to ublk_check_and_get_req().
Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
---
drivers/block/ublk_drv.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index abb668b460a8..e44ab9981ef4 100644
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -253,11 +253,11 @@ struct ublk_params_header {
static void ublk_io_release(void *priv);
static void ublk_stop_dev_unlocked(struct ublk_device *ub);
static void ublk_abort_queue(struct ublk_device *ub, struct ublk_queue *ubq);
static inline struct request *__ublk_check_and_get_req(struct ublk_device *ub,
- u16 q_id, u16 tag, struct ublk_io *io, size_t offset);
+ u16 q_id, u16 tag, struct ublk_io *io);
static inline unsigned int ublk_req_build_flags(struct request *req);
static void ublk_partition_scan_work(struct work_struct *work)
{
struct ublk_device *ub =
@@ -2283,11 +2283,11 @@ static int ublk_register_io_buf(struct io_uring_cmd *cmd,
int ret;
if (!ublk_dev_support_zero_copy(ub))
return -EINVAL;
- req = __ublk_check_and_get_req(ub, q_id, tag, io, 0);
+ req = __ublk_check_and_get_req(ub, q_id, tag, io);
if (!req)
return -EINVAL;
ret = io_buffer_register_bvec(cmd, req, ublk_io_release, index,
issue_flags);
@@ -2577,11 +2577,11 @@ static int ublk_ch_uring_cmd_local(struct io_uring_cmd *cmd,
__func__, cmd_op, tag, ret, io ? io->flags : 0);
return ret;
}
static inline struct request *__ublk_check_and_get_req(struct ublk_device *ub,
- u16 q_id, u16 tag, struct ublk_io *io, size_t offset)
+ u16 q_id, u16 tag, struct ublk_io *io)
{
struct request *req;
/*
* can't use io->req in case of concurrent UBLK_IO_COMMIT_AND_FETCH_REQ,
@@ -2598,13 +2598,10 @@ static inline struct request *__ublk_check_and_get_req(struct ublk_device *ub,
goto fail_put;
if (!ublk_rq_has_data(req))
goto fail_put;
- if (offset > blk_rq_bytes(req))
- goto fail_put;
-
return req;
fail_put:
ublk_put_req_ref(io, req);
return NULL;
}
@@ -2682,14 +2679,19 @@ ublk_user_copy(struct kiocb *iocb, struct iov_iter *iter, int dir)
if (tag >= ub->dev_info.queue_depth)
return -EINVAL;
io = &ubq->ios[tag];
- req = __ublk_check_and_get_req(ub, q_id, tag, io, buf_off);
+ req = __ublk_check_and_get_req(ub, q_id, tag, io);
if (!req)
return -EINVAL;
+ if (buf_off > blk_rq_bytes(req)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
if (!ublk_check_ubuf_dir(req, dir)) {
ret = -EACCES;
goto out;
}
--
2.45.2
next prev parent reply other threads:[~2026-01-06 0:58 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 0:57 [PATCH v3 00/19] ublk: add support for integrity data Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 01/19] blk-integrity: take const pointer in blk_integrity_rq() Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 02/19] ublk: move ublk flag check functions earlier Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 03/19] ublk: support UBLK_PARAM_TYPE_INTEGRITY in device creation Caleb Sander Mateos
2026-01-06 13:09 ` Ming Lei
2026-01-06 16:32 ` Caleb Sander Mateos
2026-01-07 0:15 ` Ming Lei
2026-01-07 2:20 ` Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 04/19] ublk: set UBLK_IO_F_INTEGRITY in ublksrv_io_desc Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 05/19] ublk: add ublk_copy_user_bvec() helper Caleb Sander Mateos
2026-01-06 13:14 ` Ming Lei
2026-01-06 0:57 ` [PATCH v3 06/19] ublk: split out ublk_user_copy() helper Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 07/19] ublk: inline ublk_check_and_get_req() into ublk_user_copy() Caleb Sander Mateos
2026-01-06 0:57 ` Caleb Sander Mateos [this message]
2026-01-06 0:57 ` [PATCH v3 09/19] ublk: implement integrity user copy Caleb Sander Mateos
2026-01-06 13:34 ` Ming Lei
2026-01-06 18:20 ` Caleb Sander Mateos
2026-01-07 0:28 ` Ming Lei
2026-01-08 1:50 ` Caleb Sander Mateos
2026-01-08 2:11 ` Ming Lei
2026-01-06 13:46 ` Ming Lei
2026-01-06 0:57 ` [PATCH v3 10/19] ublk: support UBLK_F_INTEGRITY Caleb Sander Mateos
2026-01-06 13:36 ` Ming Lei
2026-01-06 0:57 ` [PATCH v3 11/19] ublk: optimize ublk_user_copy() on daemon task Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 12/19] selftests: ublk: display UBLK_F_INTEGRITY support Caleb Sander Mateos
2026-01-06 13:38 ` Ming Lei
2026-01-06 0:57 ` [PATCH v3 13/19] selftests: ublk: add utility to get block device metadata size Caleb Sander Mateos
2026-01-06 13:50 ` Ming Lei
2026-01-06 17:18 ` Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 14/19] selftests: ublk: add kublk support for integrity params Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 15/19] selftests: ublk: implement integrity user copy in kublk Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 16/19] selftests: ublk: support non-O_DIRECT backing files Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 17/19] selftests: ublk: add integrity data support to loop target Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 18/19] selftests: ublk: add integrity params test Caleb Sander Mateos
2026-01-06 0:57 ` [PATCH v3 19/19] selftests: ublk: add end-to-end integrity test Caleb Sander Mateos
2026-01-06 14:10 ` Ming Lei
2026-01-06 17:15 ` Caleb Sander Mateos
2026-01-07 0:21 ` Ming Lei
2026-01-07 1:32 ` Caleb Sander Mateos
2026-01-07 1:49 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260106005752.3784925-9-csander@purestorage.com \
--to=csander@purestorage.com \
--cc=axboe@kernel.dk \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=ming.lei@redhat.com \
--cc=shuah@kernel.org \
--cc=stazhang@purestorage.com \
--cc=ushankar@purestorage.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox