| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260108091948.1099139-10-csander@purestorage.com>
Date: Thu, 8 Jan 2026 02:19:37 -0700
From: Caleb Sander Mateos <csander@...estorage.com>
To: Ming Lei <ming.lei@...hat.com>,
Jens Axboe <axboe@...nel.dk>,
Shuah Khan <shuah@...nel.org>
Cc: linux-block@...r.kernel.org,
linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org,
Stanley Zhang <stazhang@...estorage.com>,
Uday Shankar <ushankar@...estorage.com>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
Caleb Sander Mateos <csander@...estorage.com>
Subject: [PATCH v4 09/19] ublk: implement integrity user copy
From: Stanley Zhang <stazhang@...estorage.com>
Add a function ublk_copy_user_integrity() to copy integrity information
between a request and a user iov_iter. This mirrors the existing
ublk_copy_user_pages() but operates on request integrity data instead of
regular data. Check UBLKSRV_IO_INTEGRITY_FLAG in iocb->ki_pos in
ublk_user_copy() to choose between copying data or integrity data.
Signed-off-by: Stanley Zhang <stazhang@...estorage.com>
[csander: change offset units from data bytes to integrity data bytes,
fix CONFIG_BLK_DEV_INTEGRITY=n build, rebase on user copy refactor]
Signed-off-by: Caleb Sander Mateos <csander@...estorage.com>
---
drivers/block/ublk_drv.c | 53 +++++++++++++++++++++++++++++++++--
include/uapi/linux/ublk_cmd.h | 4 +++
2 files changed, 55 insertions(+), 2 deletions(-)
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index 8eefb838b563..2a8a6a9c0281 100644
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -1052,10 +1052,37 @@ static size_t ublk_copy_user_pages(const struct request *req,
break;
}
return done;
}
+#ifdef CONFIG_BLK_DEV_INTEGRITY
+static size_t ublk_copy_user_integrity(const struct request *req,
+ unsigned offset, struct iov_iter *uiter, int dir)
+{
+ size_t done = 0;
+ struct bio *bio = req->bio;
+ struct bvec_iter iter;
+ struct bio_vec iv;
+
+ if (!blk_integrity_rq(req))
+ return 0;
+
+ bio_for_each_integrity_vec(iv, bio, iter) {
+ if (!ublk_copy_user_bvec(&iv, &offset, uiter, dir, &done))
+ break;
+ }
+
+ return done;
+}
+#else /* #ifdef CONFIG_BLK_DEV_INTEGRITY */
+static size_t ublk_copy_user_integrity(const struct request *req,
+ unsigned offset, struct iov_iter *uiter, int dir)
+{
+ return 0;
+}
+#endif /* #ifdef CONFIG_BLK_DEV_INTEGRITY */
+
static inline bool ublk_need_map_req(const struct request *req)
{
return ublk_rq_has_data(req) && req_op(req) == REQ_OP_WRITE;
}
@@ -2659,10 +2686,12 @@ ublk_user_copy(struct kiocb *iocb, struct iov_iter *iter, int dir)
{
struct ublk_device *ub = iocb->ki_filp->private_data;
struct ublk_queue *ubq;
struct request *req;
struct ublk_io *io;
+ unsigned data_len;
+ bool is_integrity;
size_t buf_off;
u16 tag, q_id;
ssize_t ret;
if (!user_backed_iter(iter))
@@ -2672,10 +2701,14 @@ ublk_user_copy(struct kiocb *iocb, struct iov_iter *iter, int dir)
return -EACCES;
tag = ublk_pos_to_tag(iocb->ki_pos);
q_id = ublk_pos_to_hwq(iocb->ki_pos);
buf_off = ublk_pos_to_buf_off(iocb->ki_pos);
+ is_integrity = !!(iocb->ki_pos & UBLKSRV_IO_INTEGRITY_FLAG);
+
+ if (unlikely(!ublk_dev_support_integrity(ub) && is_integrity))
+ return -EINVAL;
if (q_id >= ub->dev_info.nr_hw_queues)
return -EINVAL;
ubq = ublk_get_queue(ub, q_id);
@@ -2688,21 +2721,31 @@ ublk_user_copy(struct kiocb *iocb, struct iov_iter *iter, int dir)
io = &ubq->ios[tag];
req = __ublk_check_and_get_req(ub, q_id, tag, io);
if (!req)
return -EINVAL;
- if (buf_off > blk_rq_bytes(req)) {
+ if (is_integrity) {
+ struct blk_integrity *bi = &req->q->limits.integrity;
+
+ data_len = bio_integrity_bytes(bi, blk_rq_sectors(req));
+ } else {
+ data_len = blk_rq_bytes(req);
+ }
+ if (buf_off > data_len) {
ret = -EINVAL;
goto out;
}
if (!ublk_check_ubuf_dir(req, dir)) {
ret = -EACCES;
goto out;
}
- ret = ublk_copy_user_pages(req, buf_off, iter, dir);
+ if (is_integrity)
+ ret = ublk_copy_user_integrity(req, buf_off, iter, dir);
+ else
+ ret = ublk_copy_user_pages(req, buf_off, iter, dir);
out:
ublk_put_req_ref(io, req);
return ret;
}
@@ -3939,10 +3982,16 @@ static int __init ublk_init(void)
{
int ret;
BUILD_BUG_ON((u64)UBLKSRV_IO_BUF_OFFSET +
UBLKSRV_IO_BUF_TOTAL_SIZE < UBLKSRV_IO_BUF_OFFSET);
+ /*
+ * Ensure UBLKSRV_IO_BUF_OFFSET + UBLKSRV_IO_BUF_TOTAL_SIZE
+ * doesn't overflow into UBLKSRV_IO_INTEGRITY_FLAG
+ */
+ BUILD_BUG_ON(UBLKSRV_IO_BUF_OFFSET + UBLKSRV_IO_BUF_TOTAL_SIZE >=
+ UBLKSRV_IO_INTEGRITY_FLAG);
BUILD_BUG_ON(sizeof(struct ublk_auto_buf_reg) != 8);
init_waitqueue_head(&ublk_idr_wq);
ret = misc_register(&ublk_misc);
diff --git a/include/uapi/linux/ublk_cmd.h b/include/uapi/linux/ublk_cmd.h
index dfde4aee39eb..61ac5d8e1078 100644
--- a/include/uapi/linux/ublk_cmd.h
+++ b/include/uapi/linux/ublk_cmd.h
@@ -132,10 +132,14 @@
#define UBLK_MAX_NR_QUEUES (1U << UBLK_QID_BITS)
#define UBLKSRV_IO_BUF_TOTAL_BITS (UBLK_QID_OFF + UBLK_QID_BITS)
#define UBLKSRV_IO_BUF_TOTAL_SIZE (1ULL << UBLKSRV_IO_BUF_TOTAL_BITS)
+/* Copy to/from request integrity buffer instead of data buffer */
+#define UBLK_INTEGRITY_FLAG_OFF 62
+#define UBLKSRV_IO_INTEGRITY_FLAG (1ULL << UBLK_INTEGRITY_FLAG_OFF)
+
/*
* ublk server can register data buffers for incoming I/O requests with a sparse
* io_uring buffer table. The request buffer can then be used as the data buffer
* for io_uring operations via the fixed buffer index.
* Note that the ublk server can never directly access the request data memory.
--
2.45.2
Powered by blists - more mailing lists