On Wed, Aug 10, 2022 at 1:53 PM ZiyangZhang
<ZiyangZhang@xxxxxxxxxxxxxxxxx> wrote:
>
> If ublksrv sends UBLK_IO_NEED_GET_DATA with new allocated io buffer, we
> have to update iod->addr in task_work before calling io_uring_cmd_done().
> Then usersapce target can handle (write)io request with the new io
> buffer reading from updated iod.
>
> Without this change, userspace target may touch a wrong io buffer!
>
> Signed-off-by: ZiyangZhang <ZiyangZhang@xxxxxxxxxxxxxxxxx>
> ---
> drivers/block/ublk_drv.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
> index 0b9bd9e02b53..98c345df6896 100644
> --- a/drivers/block/ublk_drv.c
> +++ b/drivers/block/ublk_drv.c
> @@ -677,6 +677,11 @@ static inline void __ublk_rq_task_work(struct request *req)
> * do the copy work.
> */
> io->flags &= ~UBLK_IO_FLAG_NEED_GET_DATA;
> + /* update iod->addr because ublksrv may have passed a new io buffer */
> + ublk_get_iod(ubq, req->tag)->addr = io->addr;
> + pr_devel("%s: update iod->addr: op %d, qid %d tag %d io_flags %x addr %llx\n",
> + __func__, io->cmd->cmd_op, ubq->q_id, req->tag, io->flags,
> + ublk_get_iod(ubq, req->tag)->addr);
Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
Thanks,
