diff options
| author | Govindarajulu Varadarajan <govind.varadar@gmail.com> | 2026-02-18 20:59:30 -0800 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2026-02-19 07:26:26 -0700 |
| commit | ea129e55c9e06a51a93c3f5ef3e32a6cfa3f8ec7 (patch) | |
| tree | 0fc192097104be2b8c63efaf57f041fc11c47f5d /drivers | |
| parent | 42a6bd57ee9f930a72c26f863c72f666d6ed9ea5 (diff) | |
io_uring: Add size check for sqe->cmd
For SQE128, sqe->cmd provides 80 bytes for uring_cmd. Add macro to
check if size of user struct does not exceed 80 bytes at compile time.
User doesn't have to track this manually during development.
Replace io_uring_sqe_cmd() inline func with macro and add
io_uring_sqe128_cmd() which checks struct
size for 16 bytes cmd and 80 bytes cmd respectively.
Signed-off-by: Govindarajulu Varadarajan <govind.varadar@gmail.com>
Reviewed-by: Caleb Sander Mateos <csander@purestorage.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/block/ublk_drv.c | 12 | ||||
| -rw-r--r-- | drivers/nvme/host/ioctl.c | 3 |
2 files changed, 10 insertions, 5 deletions
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index c13cda58a7c6..46a785ce078d 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -3255,7 +3255,8 @@ static int ublk_ch_uring_cmd_local(struct io_uring_cmd *cmd, unsigned int issue_flags) { /* May point to userspace-mapped memory */ - const struct ublksrv_io_cmd *ub_src = io_uring_sqe_cmd(cmd->sqe); + const struct ublksrv_io_cmd *ub_src = io_uring_sqe_cmd(cmd->sqe, + struct ublksrv_io_cmd); u16 buf_idx = UBLK_INVALID_BUF_IDX; struct ublk_device *ub = cmd->file->private_data; struct ublk_queue *ubq; @@ -3833,7 +3834,8 @@ static int ublk_validate_batch_fetch_cmd(struct ublk_batch_io_data *data) static int ublk_handle_non_batch_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags) { - const struct ublksrv_io_cmd *ub_cmd = io_uring_sqe_cmd(cmd->sqe); + const struct ublksrv_io_cmd *ub_cmd = io_uring_sqe_cmd(cmd->sqe, + struct ublksrv_io_cmd); struct ublk_device *ub = cmd->file->private_data; unsigned tag = READ_ONCE(ub_cmd->tag); unsigned q_id = READ_ONCE(ub_cmd->q_id); @@ -3862,7 +3864,8 @@ static int ublk_handle_non_batch_cmd(struct io_uring_cmd *cmd, static int ublk_ch_batch_io_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags) { - const struct ublk_batch_io *uc = io_uring_sqe_cmd(cmd->sqe); + const struct ublk_batch_io *uc = io_uring_sqe_cmd(cmd->sqe, + struct ublk_batch_io); struct ublk_device *ub = cmd->file->private_data; struct ublk_batch_io_data data = { .ub = ub, @@ -5253,7 +5256,8 @@ static int ublk_ctrl_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags) { /* May point to userspace-mapped memory */ - const struct ublksrv_ctrl_cmd *ub_src = io_uring_sqe_cmd(cmd->sqe); + const struct ublksrv_ctrl_cmd *ub_src = io_uring_sqe128_cmd(cmd->sqe, + struct ublksrv_ctrl_cmd); struct ublksrv_ctrl_cmd header; struct ublk_device *ub = NULL; u32 cmd_op = cmd->cmd_op; diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c index fb62633ccbb0..8844bbd39515 100644 --- a/drivers/nvme/host/ioctl.c +++ b/drivers/nvme/host/ioctl.c @@ -447,7 +447,8 @@ static int nvme_uring_cmd_io(struct nvme_ctrl *ctrl, struct nvme_ns *ns, struct io_uring_cmd *ioucmd, unsigned int issue_flags, bool vec) { struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd); - const struct nvme_uring_cmd *cmd = io_uring_sqe_cmd(ioucmd->sqe); + const struct nvme_uring_cmd *cmd = io_uring_sqe128_cmd(ioucmd->sqe, + struct nvme_uring_cmd); struct request_queue *q = ns ? ns->queue : ctrl->admin_q; struct nvme_uring_data d; struct nvme_command c; |