[PATCH 5/6] nvme-ioctl: combine alloc and map

Mon Feb 24 10:21:27 PST 2025

From: Keith Busch <kbusch at kernel.org>

The same pattern repeats, so combine it. Also, the existing mapping
leaks a request if a user requests to map a vectored fixed buffer, or
unsupportable metadata formts, so these get fixed here too.

Signed-off-by: Keith Busch <kbusch at kernel.org>
---
 drivers/nvme/host/ioctl.c | 69 +++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index 1f28fc4b341dd..016a21a3861e9 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -99,21 +99,6 @@ static void __user *nvme_to_user_ptr(uintptr_t ptrval)
 	return (void __user *)ptrval;
 }
 
-static struct request *nvme_alloc_user_request(struct request_queue *q,
-		struct nvme_command *cmd, blk_opf_t rq_flags,
-		blk_mq_req_flags_t blk_flags, unsigned timeout_ms)
-{
-	struct request *req;
-
-	req = blk_mq_alloc_request(q, nvme_req_op(cmd) | rq_flags, blk_flags);
-	if (IS_ERR(req))
-		return req;
-	nvme_init_request(req, cmd);
-	nvme_req(req)->flags |= NVME_REQ_USERCMD;
-	req->timeout = timeout_ms ? msecs_to_jiffies(timeout_ms) : 0;
-	return req;
-}
-
 static int nvme_map_user_request(struct request *req, u64 ubuffer,
 		unsigned bufflen, u64 meta_buffer, unsigned meta_len,
 		struct io_uring_cmd *ioucmd, unsigned int flags)
@@ -146,7 +131,7 @@ static int nvme_map_user_request(struct request *req, u64 ubuffer,
 		ret = io_uring_cmd_import_fixed(ubuffer, bufflen,
 				rq_data_dir(req), &iter, ioucmd);
 		if (ret < 0)
-			goto out;
+			return ret;
 		ret = blk_rq_map_user_iov(q, req, NULL, &iter, GFP_KERNEL);
 	} else {
 		ret = blk_rq_map_user_io(req, NULL, nvme_to_user_ptr(ubuffer),
@@ -155,7 +140,7 @@ static int nvme_map_user_request(struct request *req, u64 ubuffer,
 	}
 
 	if (ret)
-		goto out;
+		return ret;
 
 	bio = req->bio;
 	if (bdev)
@@ -173,9 +158,36 @@ static int nvme_map_user_request(struct request *req, u64 ubuffer,
 out_unmap:
 	if (bio)
 		blk_rq_unmap_user(bio);
+	return ret;
+}
+
+static struct request *nvme_alloc_user_request(struct request_queue *q,
+		struct nvme_command *cmd, blk_opf_t rq_flags,
+		blk_mq_req_flags_t blk_flags, unsigned timeout_ms, u64 ubuffer,
+		unsigned bufflen, u64 meta_buffer, unsigned meta_len,
+		struct io_uring_cmd *ioucmd, unsigned int flags)
+{
+	struct request *req;
+	int ret;
+
+	req = blk_mq_alloc_request(q, nvme_req_op(cmd) | rq_flags, blk_flags);
+	if (IS_ERR(req))
+		return req;
+	nvme_init_request(req, cmd);
+	nvme_req(req)->flags |= NVME_REQ_USERCMD;
+	req->timeout = timeout_ms ? msecs_to_jiffies(timeout_ms) : 0;
+
+	if (ubuffer && bufflen) {
+		ret = nvme_map_user_request(req, ubuffer, bufflen, meta_buffer,
+				meta_len, ioucmd, flags);
+		if (ret)
+			goto out;
+	}
+
+	return req;
 out:
 	blk_mq_free_request(req);
-	return ret;
+	return ERR_PTR(ret);
 }
 
 static int nvme_submit_user_cmd(struct request_queue *q,
@@ -190,17 +202,11 @@ static int nvme_submit_user_cmd(struct request_queue *q,
 	u32 effects;
 	int ret;
 
-	req = nvme_alloc_user_request(q, cmd, 0, 0, timeout_ms);
+	req = nvme_alloc_user_request(q, cmd, 0, 0, timeout_ms, ubuffer,
+		bufflen, meta_buffer, meta_len, NULL, flags);
 	if (IS_ERR(req))
 		return PTR_ERR(req);
 
-	if (ubuffer && bufflen) {
-		ret = nvme_map_user_request(req, ubuffer, bufflen, meta_buffer,
-				meta_len, NULL, flags);
-		if (ret)
-			return ret;
-	}
-
 	bio = req->bio;
 	ctrl = nvme_req(req)->ctrl;
 
@@ -458,7 +464,6 @@ static int nvme_uring_cmd_io(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
 	struct request *req;
 	blk_opf_t rq_flags = REQ_ALLOC_CACHE;
 	blk_mq_req_flags_t blk_flags = 0;
-	int ret;
 
 	c.common.opcode = READ_ONCE(cmd->opcode);
 	c.common.flags = READ_ONCE(cmd->flags);
@@ -499,17 +504,11 @@ static int nvme_uring_cmd_io(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
 	if (issue_flags & IO_URING_F_IOPOLL)
 		rq_flags |= REQ_POLLED;
 
-	req = nvme_alloc_user_request(q, &c, rq_flags, blk_flags, d.timeout_ms);
+	req = nvme_alloc_user_request(q, &c, rq_flags, blk_flags, d.timeout_ms,
+		d.addr, d.data_len, d.metadata, d.metadata_len, ioucmd, flags);
 	if (IS_ERR(req))
 		return PTR_ERR(req);
 
-	if (d.addr && d.data_len) {
-		ret = nvme_map_user_request(req, d.addr, d.data_len, d.metadata,
-					    d.metadata_len, ioucmd, flags);
-		if (ret)
-			return ret;
-	}
-
 	/* to free bio on completion, as req->bio will be null at that time */
 	pdu->bio = req->bio;
 	pdu->req = req;
-- 
2.43.5


