Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ublk: Validate SQE128 flag before accessing the cmd

ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before
IO_URING_F_SQE128 flag check. This could cause out of boundary memory
access.

Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return
-EINVAL immediately if the flag is not set.

Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver")
Signed-off-by: Govindarajulu Varadarajan <govind.varadar@gmail.com>
Reviewed-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

authored by Govindarajulu Varadarajan and committed by Jens Axboe
da7e4b75 da562d92

+3 -3
drivers/block/ublk_drv.c
··· 5221 5221 issue_flags & IO_URING_F_NONBLOCK) 5222 5222 return -EAGAIN; 5223 5223 5224 - ublk_ctrl_cmd_dump(cmd); 5225 - 5226 5224 if (!(issue_flags & IO_URING_F_SQE128)) 5227 - goto out; 5225 + return -EINVAL; 5226 + 5227 + ublk_ctrl_cmd_dump(cmd); 5228 5228 5229 5229 ret = ublk_check_cmd_op(cmd_op); 5230 5230 if (ret)
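
Review bot: replacing `goto out;` with `return -EINVAL;` at the `IO_URING_F_SQE128` check means this path no longer runs whatever sits under the `out:` label, and that label is outside the context shown here. The commit message should state that skipping it is intentional and that nothing there (logging, cleanup, a different return value in `ret`) is needed for the missing-flag case. It would also help to add a one-line comment above `if (!(issue_flags & IO_URING_F_SQE128))` saying that `ublk_ctrl_cmd_dump(cmd)` reads the command header from `sqe->cmd` and must stay below this check, so a later reordering does not bring back the out-of-bounds access the commit message describes.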