diff options
| author | Ming Lei <ming.lei@redhat.com> | 2024-10-16 21:48:47 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-10-22 15:46:27 +0200 |
| commit | 6414ab5c9c9c068eca6dc4fd3a036bc4b83164dc (patch) | |
| tree | 1cd4ee18fb2b850ff1323f4f397802316b1b7cd9 /include | |
| parent | 2762b3cc9094f7cd8d71577485375611cf736953 (diff) | |
| download | linux-6414ab5c9c9c068eca6dc4fd3a036bc4b83164dc.tar.gz linux-6414ab5c9c9c068eca6dc4fd3a036bc4b83164dc.tar.bz2 linux-6414ab5c9c9c068eca6dc4fd3a036bc4b83164dc.zip | |
ublk: don't allow user copy for unprivileged device
commit 42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6 upstream.
UBLK_F_USER_COPY requires userspace to call write() on ublk char
device for filling request buffer, and unprivileged device can't
be trusted.
So don't allow user copy for unprivileged device.
Cc: stable@vger.kernel.org
Fixes: 1172d5b8beca ("ublk: support user copy")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241016134847.2911721-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/uapi/linux/ublk_cmd.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/include/uapi/linux/ublk_cmd.h b/include/uapi/linux/ublk_cmd.h index b9cfc5c96268..3830b428ecf1 100644 --- a/include/uapi/linux/ublk_cmd.h +++ b/include/uapi/linux/ublk_cmd.h @@ -173,7 +173,13 @@ /* use ioctl encoding for uring command */ #define UBLK_F_CMD_IOCTL_ENCODE (1UL << 6) -/* Copy between request and user buffer by pread()/pwrite() */ +/* + * Copy between request and user buffer by pread()/pwrite() + * + * Not available for UBLK_F_UNPRIVILEGED_DEV, otherwise userspace may + * deceive us by not filling request buffer, then kernel uninitialized + * data may be leaked. + */ #define UBLK_F_USER_COPY (1UL << 7) /* |