ublk: don't allow user copy for unprivileged device

UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device. Cc: stable@vger.kernel.org Fixes: 1172d5b8beca ("ublk: support user copy") Signed-off-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/20241016134847.2911721-1-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Ming Lei <ming.lei@redhat.com> 2024-10-16 21:48:47 +0800
committer: Jens Axboe <axboe@kernel.dk> 2024-10-16 08:08:18 -0600
commit: 42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6 (patch)
tree: b34db3afc3a7f0315d0afb18a0430ea85f7a8239 /drivers/block
parent: e972b08b91ef48488bae9789f03cfedb148667fb (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index a6c8e5cc6051..6ba2c1dd1d87 100644
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -2380,10 +2380,19 @@ static int ublk_ctrl_add_dev(struct io_uring_cmd *cmd)
 	 * TODO: provide forward progress for RECOVERY handler, so that
 	 * unprivileged device can benefit from it
 	 */
-	if (info.flags & UBLK_F_UNPRIVILEGED_DEV)
+	if (info.flags & UBLK_F_UNPRIVILEGED_DEV) {
 		info.flags &= ~(UBLK_F_USER_RECOVERY_REISSUE |
 				UBLK_F_USER_RECOVERY);
 
+		/*
+		 * For USER_COPY, we depends on userspace to fill request
+		 * buffer by pwrite() to ublk char device, which can't be
+		 * used for unprivileged device
+		 */
+		if (info.flags & UBLK_F_USER_COPY)
+			return -EINVAL;
+	}
+
 	/* the created device is always owned by current user */
 	ublk_store_owner_uid_gid(&info.owner_uid, &info.owner_gid);
author	Ming Lei <ming.lei@redhat.com>	2024-10-16 21:48:47 +0800
committer	Jens Axboe <axboe@kernel.dk>	2024-10-16 08:08:18 -0600
commit	42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6 (patch)
tree	b34db3afc3a7f0315d0afb18a0430ea85f7a8239 /drivers/block
parent	e972b08b91ef48488bae9789f03cfedb148667fb (diff)