ublk: don't take ublk_queue in ublk_unregister_io_buf()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

UBLK_IO_UNREGISTER_IO_BUF currently requires a valid q_id and tag to be
passed in the ublksrv_io_cmd. However, only the addr (registered buffer
index) is actually used to unregister the buffer. There is no check that
the q_id and tag are for the ublk request whose buffer is registered at
the given index. To prepare to allow userspace to omit the q_id and tag,
check the UBLK_F_SUPPORT_ZERO_COPY flag on the ublk_device instead of
the ublk_queue.

Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20250620151008.3976463-9-csander@purestorage.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

authored by

Caleb Sander Mateos and committed by

Jens Axboe 9 months ago 2da1e7bb 2b53d4e9

+3 -3

1 changed file

expand all

drivers

block

ublk_drv.c

+3 -3

drivers/block/ublk_drv.c

··· 2041 2041 } 2042 2042 2043 2043 static int ublk_unregister_io_buf(struct io_uring_cmd *cmd, 2044 - const struct ublk_queue *ubq, 2044 + const struct ublk_device *ub, 2045 2045 unsigned int index, unsigned int issue_flags) 2046 2046 { 2047 - if (!ublk_support_zero_copy(ubq)) 2047 + if (!(ub->dev_info.flags & UBLK_F_SUPPORT_ZERO_COPY)) 2048 2048 return -EINVAL; 2049 2049 2050 2050 return io_buffer_unregister_bvec(cmd, index, issue_flags); ··· 2245 2245 case UBLK_IO_REGISTER_IO_BUF: 2246 2246 return ublk_register_io_buf(cmd, ubq, io, ub_cmd->addr, issue_flags); 2247 2247 case UBLK_IO_UNREGISTER_IO_BUF: 2248 - return ublk_unregister_io_buf(cmd, ubq, ub_cmd->addr, issue_flags); 2248 + return ublk_unregister_io_buf(cmd, ub, ub_cmd->addr, issue_flags); 2249 2249 case UBLK_IO_COMMIT_AND_FETCH_REQ: 2250 2250 ret = ublk_commit_and_fetch(ubq, io, cmd, ub_cmd, issue_flags); 2251 2251 if (ret)