ublk: don't allow user copy for unprivileged device

UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device. Cc: stable@vger.kernel.org Fixes: 1172d5b8beca ("ublk: support user copy") Signed-off-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/20241016134847.2911721-1-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Ming Lei <ming.lei@redhat.com> 2024-10-16 21:48:47 +0800
committer: Jens Axboe <axboe@kernel.dk> 2024-10-16 08:08:18 -0600
commit: 42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6 (patch)
tree: b34db3afc3a7f0315d0afb18a0430ea85f7a8239 /include/uapi/linux
parent: e972b08b91ef48488bae9789f03cfedb148667fb (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/include/uapi/linux/ublk_cmd.h b/include/uapi/linux/ublk_cmd.h
index c8dc5f8ea699..12873639ea96 100644
--- a/include/uapi/linux/ublk_cmd.h
+++ b/include/uapi/linux/ublk_cmd.h
@@ -175,7 +175,13 @@
 /* use ioctl encoding for uring command */
 #define UBLK_F_CMD_IOCTL_ENCODE	(1UL << 6)
 
-/* Copy between request and user buffer by pread()/pwrite() */
+/*
+ *  Copy between request and user buffer by pread()/pwrite()
+ *
+ *  Not available for UBLK_F_UNPRIVILEGED_DEV, otherwise userspace may
+ *  deceive us by not filling request buffer, then kernel uninitialized
+ *  data may be leaked.
+ */
 #define UBLK_F_USER_COPY	(1UL << 7)
 
 /*
author	Ming Lei <ming.lei@redhat.com>	2024-10-16 21:48:47 +0800
committer	Jens Axboe <axboe@kernel.dk>	2024-10-16 08:08:18 -0600
commit	42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6 (patch)
tree	b34db3afc3a7f0315d0afb18a0430ea85f7a8239 /include/uapi/linux
parent	e972b08b91ef48488bae9789f03cfedb148667fb (diff)