]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d0cc5f5)
ublk: widen ublk_shmem_buf_reg.len to __u64 for 4GB buffer support
authorMing Lei <tom.leiming@gmail.com>
Thu, 9 Apr 2026 13:30:13 +0000 (21:30 +0800)
committerJens Axboe <axboe@kernel.dk>
Fri, 10 Apr 2026 01:08:35 +0000 (19:08 -0600)
The __u32 len field cannot represent a 4GB buffer (0x100000000
overflows to 0). Change it to __u64 so buffers up to 4GB can be
registered. Add a reserved field for alignment and validate it
is zero.

The kernel enforces a default max of 4GB (UBLK_SHMEM_BUF_SIZE_MAX)
which may be increased in future.

Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Link: https://patch.msgid.link/20260409133020.3780098-2-tom.leiming@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
drivers/block/ublk_drv.c patch | blob | blame | history
include/uapi/linux/ublk_cmd.h patch | blob | blame | history

diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index 1af42850f5b109586914820da5a4c388452c70f2..3f8bb80b1e8f9ebe7166c3a6c87e46251a129af0 100644 (file)
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -63,6 +63,9 @@
 #define UBLK_CMD_REG_BUF       _IOC_NR(UBLK_U_CMD_REG_BUF)
 #define UBLK_CMD_UNREG_BUF     _IOC_NR(UBLK_U_CMD_UNREG_BUF)
 
+/* Default max shmem buffer size: 4GB (may be increased in future) */
+#define UBLK_SHMEM_BUF_SIZE_MAX        (1ULL << 32)
+
 #define UBLK_IO_REGISTER_IO_BUF                _IOC_NR(UBLK_U_IO_REGISTER_IO_BUF)
 #define UBLK_IO_UNREGISTER_IO_BUF      _IOC_NR(UBLK_U_IO_UNREGISTER_IO_BUF)
 
@@ -5351,11 +5354,15 @@ static int ublk_ctrl_reg_buf(struct ublk_device *ub,
        if (buf_reg.flags & ~UBLK_SHMEM_BUF_READ_ONLY)
                return -EINVAL;
 
+       if (buf_reg.reserved)
+               return -EINVAL;
+
        addr = buf_reg.addr;
        size = buf_reg.len;
        nr_pages = size >> PAGE_SHIFT;
 
-       if (!size || !PAGE_ALIGNED(size) || !PAGE_ALIGNED(addr))
+       if (!size || size > UBLK_SHMEM_BUF_SIZE_MAX ||
+           !PAGE_ALIGNED(size) || !PAGE_ALIGNED(addr))
                return -EINVAL;
 
        disk = ublk_get_disk(ub);
diff --git a/include/uapi/linux/ublk_cmd.h b/include/uapi/linux/ublk_cmd.h
index a7078b79879186b36f788aea5b0c818c4fcd6796..6991370a72ce65b9ab024807815372dd14edf120 100644 (file)
--- a/include/uapi/linux/ublk_cmd.h
+++ b/include/uapi/linux/ublk_cmd.h
@@ -89,8 +89,9 @@
 /* Parameter buffer for UBLK_U_CMD_REG_BUF, pointed to by ctrl_cmd.addr */
 struct ublk_shmem_buf_reg {
        __u64   addr;   /* userspace virtual address of shared memory */
-       __u32   len;    /* buffer size in bytes (page-aligned, max 4GB) */
+       __u64   len;    /* buffer size in bytes, page-aligned, default max 4GB */
        __u32   flags;
+       __u32   reserved;
 };
 
 /* Pin pages without FOLL_WRITE; usable with write-sealed memfd */
A mirror of Linus' kernel repository