ublk: Validate SQE128 flag before accessing the cmd

[ Upstream commit da7e4b75e50c087d2031a92f6646eb90f7045a67 ] ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set. Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver") Signed-off-by: Govindarajulu Varadarajan <govind.varadar@gmail.com> Reviewed-by: Caleb Sander Mateos <csander@purestorage.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Govindarajulu Varadarajan <govind.varadar@gmail.com> 2026-01-30 20:14:12 +0300
committer: Sasha Levin <sashal@kernel.org> 2026-03-04 15:19:30 +0300
commit: dbe8e81a2ec608f87f79a34f6444cd62f6a243bb (patch)
tree: 63754beee0890cc31b3412b57abbb951fe9d7fd6 /drivers/block
parent: 8af710156c53cdb392d529497ef2b3a10a1f9370 (diff)
download: linux-dbe8e81a2ec608f87f79a34f6444cd62f6a243bb.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index 2d46383e8d26..c6a59f02944f 100644
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -3026,10 +3026,10 @@ static int ublk_ctrl_uring_cmd(struct io_uring_cmd *cmd,
 	if (issue_flags & IO_URING_F_NONBLOCK)
 		return -EAGAIN;
 
-	ublk_ctrl_cmd_dump(cmd);
-
 	if (!(issue_flags & IO_URING_F_SQE128))
-		goto out;
+		return -EINVAL;
+
+	ublk_ctrl_cmd_dump(cmd);
 
 	ret = ublk_check_cmd_op(cmd_op);
 	if (ret)
author	Govindarajulu Varadarajan <govind.varadar@gmail.com>	2026-01-30 20:14:12 +0300
committer	Sasha Levin <sashal@kernel.org>	2026-03-04 15:19:30 +0300
commit	dbe8e81a2ec608f87f79a34f6444cd62f6a243bb (patch)
tree	63754beee0890cc31b3412b57abbb951fe9d7fd6 /drivers/block
parent	8af710156c53cdb392d529497ef2b3a10a1f9370 (diff)
download	linux-dbe8e81a2ec608f87f79a34f6444cd62f6a243bb.tar.xz