ublk: Validate SQE128 flag before accessing the cmd

[ Upstream commit da7e4b75e50c087d2031a92f6646eb90f7045a67 ] ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set. Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver") Signed-off-by: Govindarajulu Varadarajan <govind.varadar@gmail.com> Reviewed-by: Caleb Sander Mateos <csander@purestorage.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Govindarajulu Varadarajan <govind.varadar@gmail.com> 2026-01-30 10:14:12 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-02-26 15:00:43 -0800
commit: 17d33ba7291100008360b5a354962db37ad80684 (patch)
tree: 7515638ddbc1f8ca3e53a73cdd06fa7121361570 /drivers/block
parent: 48eed5f1889d832da1b824c3876f5904f6b5fbe3 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index 6000517645e1..0ce0e537fb85 100644
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -3786,10 +3786,10 @@ static int ublk_ctrl_uring_cmd(struct io_uring_cmd *cmd,
 	    issue_flags & IO_URING_F_NONBLOCK)
 		return -EAGAIN;
 
-	ublk_ctrl_cmd_dump(cmd);
-
 	if (!(issue_flags & IO_URING_F_SQE128))
-		goto out;
+		return -EINVAL;
+
+	ublk_ctrl_cmd_dump(cmd);
 
 	ret = ublk_check_cmd_op(cmd_op);
 	if (ret)
author	Govindarajulu Varadarajan <govind.varadar@gmail.com>	2026-01-30 10:14:12 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-02-26 15:00:43 -0800
commit	17d33ba7291100008360b5a354962db37ad80684 (patch)
tree	7515638ddbc1f8ca3e53a73cdd06fa7121361570 /drivers/block
parent	48eed5f1889d832da1b824c3876f5904f6b5fbe3 (diff)