ublk_drv: update iod->addr for UBLK_IO_NEED_GET_DATA

If ublksrv sends UBLK_IO_NEED_GET_DATA with new allocated io buffer, we
have to update iod->addr in task_work before calling io_uring_cmd_done().
Then usersapce target can handle (write)io request with the new io
buffer reading from updated iod.

Without this change, userspace target may touch a wrong io buffer!

Signed-off-by: ZiyangZhang <ZiyangZhang@linux.alibaba.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20220810055212.66417-1-ZiyangZhang@linux.alibaba.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index 2b7d1db..5d8c723 100644 (file)
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -680,6 +680,11 @@ static inline void __ublk_rq_task_work(struct request *req)
                 * do the copy work.
                 */
                io->flags &= ~UBLK_IO_FLAG_NEED_GET_DATA;
+               /* update iod->addr because ublksrv may have passed a new io buffer */
+               ublk_get_iod(ubq, req->tag)->addr = io->addr;
+               pr_devel("%s: update iod->addr: op %d, qid %d tag %d io_flags %x addr %llx\n",
+                               __func__, io->cmd->cmd_op, ubq->q_id, req->tag, io->flags,
+                               ublk_get_iod(ubq, req->tag)->addr);
        }
 
        mapped_bytes = ublk_map_io(ubq, req, io);