linux/drivers
Xie Yongji 5a0735b0bc virtio-blk: Use blk_validate_block_size() to validate block size
commit 57a13a5b81 upstream.

The block layer can't support a block size larger than
page size yet. And a block size that's too small or
not a power of two won't work either. If a misconfigured
device presents an invalid block size in configuration space,
it will result in a kernel crash, something like below:

[  506.154324] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  506.160416] RIP: 0010:create_empty_buffers+0x24/0x100
[  506.174302] Call Trace:
[  506.174651]  create_page_buffers+0x4d/0x60
[  506.175207]  block_read_full_page+0x50/0x380
[  506.175798]  ? __mod_lruvec_page_state+0x60/0xa0
[  506.176412]  ? __add_to_page_cache_locked+0x1b2/0x390
[  506.177085]  ? blkdev_direct_IO+0x4a0/0x4a0
[  506.177644]  ? scan_shadow_nodes+0x30/0x30
[  506.178206]  ? lru_cache_add+0x42/0x60
[  506.178716]  do_read_cache_page+0x695/0x740
[  506.179278]  ? read_part_sector+0xe0/0xe0
[  506.179821]  read_part_sector+0x36/0xe0
[  506.180337]  adfspart_check_ICS+0x32/0x320
[  506.180890]  ? snprintf+0x45/0x70
[  506.181350]  ? read_part_sector+0xe0/0xe0
[  506.181906]  bdev_disk_changed+0x229/0x5c0
[  506.182483]  blkdev_get_whole+0x6d/0x90
[  506.183013]  blkdev_get_by_dev+0x122/0x2d0
[  506.183562]  device_add_disk+0x39e/0x3c0
[  506.184472]  virtblk_probe+0x3f8/0x79b [virtio_blk]
[  506.185461]  virtio_dev_probe+0x15e/0x1d0 [virtio]

So let's use a block layer helper to validate the block size.

Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/r/20211026144015.188-5-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-08 14:22:48 +02:00
accessibility speakup-dectlk: Restore pitch setting 2022-02-16 12:56:37 +01:00
acpi ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU 2022-03-28 09:58:45 +02:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-06 14:13:31 +01:00
android binder: avoid potential data leakage when copying txn 2022-01-27 11:04:09 +01:00
ata ata: pata_hpt37x: fix PCI clock detection 2022-03-08 19:12:33 +01:00
atm atm: eni: Add check for dma_map_single 2022-03-23 09:16:41 +01:00
auxdisplay auxdisplay: lcd2s: Use proper API to free the instance of charlcd object 2022-03-08 19:12:47 +01:00
base driver core: Free DMA range map when device is released 2022-03-02 11:48:07 +01:00
bcma
block virtio-blk: Use blk_validate_block_size() to validate block size 2022-04-08 14:22:48 +02:00
bluetooth Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE 2022-03-28 09:58:45 +02:00
bus bus: mhi: pci_generic: Add mru_default for Cinterion MV31-W 2022-02-16 12:56:39 +01:00
cdrom
char virtio_console: break out of buf poll on remove 2022-04-08 14:22:46 +02:00
clk clk: qcom: dispcc: Update the transition delay for MDSS GDSC 2022-03-16 14:23:35 +01:00
clocksource ARM: dts: Use 32KiHz oscillator on devkit8000 2022-03-08 19:12:49 +01:00
comedi comedi: vmk80xx: fix bulk and interrupt message timeouts 2021-11-12 15:05:51 +01:00
connector
counter
cpufreq cpufreq: Fix initialization of min and max frequency QoS requests 2022-01-27 11:04:44 +01:00
cpuidle cpuidle: Fix kobject memory leaks in error paths 2021-11-18 19:16:29 +01:00
crypto crypto: qat - disable registration of algorithms 2022-03-28 09:58:45 +02:00
cxl cxl/pmem: Fix reference counting for delayed work 2022-01-27 11:02:58 +01:00
dax
dca
devfreq
dio
dma dmaengine: shdma: Fix runtime PM imbalance on error 2022-03-08 19:12:31 +01:00
dma-buf dma-buf: cma_heap: Fix mutex locking section 2022-03-08 19:12:37 +01:00
edac EDAC: Fix calculation of returned address and next offset in edac_align_ptr() 2022-02-23 12:03:20 +01:00
eisa
extcon
firewire
firmware efi: fix return value of __setup handlers 2022-03-23 09:16:41 +01:00
fpga fpga: ice40-spi: Add SPI device ID table 2021-09-27 14:00:41 -07:00
fsi
gnss
gpio Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)" 2022-04-08 14:22:47 +02:00
gpu drm/amdgpu: only check for _PR3 on dGPUs 2022-04-08 14:22:48 +02:00
greybus
hid HID: Add support for open wheel and no attachment to T300 2022-04-08 14:22:46 +02:00
hsi HSI: core: Fix return freed object in hsi_new_client 2022-01-27 11:04:31 +01:00
hv hv: utils: add PTP_1588_CLOCK to Kconfig to fix build 2022-04-08 14:22:46 +02:00
hwmon hwmon: (pmbus) Clear pmbus fault/warning bits after read 2022-03-16 14:23:41 +01:00
hwspinlock
hwtracing coresight: trbe: Defer the probe on offline CPUs 2021-11-18 19:16:06 +01:00
i2c i2c: qup: allow COMPILE_TEST 2022-03-08 19:12:31 +01:00
i3c i3c: master: dw: check return of dw_i3c_master_get_free_pos() 2022-03-08 19:12:37 +01:00
idle
iio iio: Fix error handling for PM 2022-03-02 11:48:04 +01:00
infiniband IB/qib: Fix duplicate sysfs directory name 2022-03-02 11:48:08 +01:00
input Input: zinitix - do not report shadow fingers 2022-04-08 14:22:47 +02:00
interconnect interconnect: qcom: rpm: Prevent integer overflow in rate 2022-01-27 11:05:00 +01:00
iommu iommu/iova: Improve 32-bit free space estimate 2022-04-08 14:22:48 +02:00
ipack ipack: ipoctal: fix module reference leak 2021-09-27 17:38:49 +02:00
irqchip irqchip/sifive-plic: Add missing thead,c900-plic match string 2022-02-23 12:03:17 +01:00
isdn isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() 2022-03-16 14:23:36 +01:00
leds leds: lp55xx: initialise output direction from dts 2022-01-27 11:04:21 +01:00
macintosh
mailbox mailbox: change mailbox-mpfs compatible string 2022-01-27 11:05:05 +01:00
mcb
md block: drop unused includes in <linux/genhd.h> 2022-03-16 14:23:46 +01:00
media media: correct MEDIA_TEST_SUPPORT help text 2022-01-27 11:05:20 +01:00
memory memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails 2022-01-27 11:03:11 +01:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-18 19:16:32 +01:00
message
mfd mfd: tps65910: Set PWR_OFF bit during driver probe 2022-01-27 11:05:07 +01:00
misc eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX 2022-02-16 12:56:33 +01:00
mmc mmc: meson: Fix usage of meson_mmc_post_req() 2022-03-16 14:23:42 +01:00
most most: fix control-message timeouts 2021-11-18 19:16:08 +01:00
mtd mtd: spi-nor: Fix mtd size for s3an flashes 2022-03-08 19:12:33 +01:00
mux
net net: dsa: microchip: add spi_device_id tables 2022-04-08 14:22:48 +02:00
nfc nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION 2022-03-28 09:58:42 +02:00
ntb ntb: intel: fix port config status offset for SPR 2022-03-08 19:12:44 +01:00
nubus
nvdimm nvdimm/pmem: cleanup the disk if pmem_release_disk() is yet assigned 2021-11-18 19:17:07 +01:00
nvme nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info 2022-03-02 11:47:56 +01:00
nvmem nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property 2022-03-02 11:48:06 +01:00
of of: net: move of_net under net/ 2022-03-08 19:12:41 +01:00
opp opp: Fix return in _opp_add_static_v2() 2021-11-18 19:17:00 +01:00
parisc parisc: Fix sglist access in ccio-dma.c 2022-02-23 12:03:03 +01:00
parport
pci PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken 2022-03-16 14:23:41 +01:00
pcmcia pcmcia: fix setting of kthread task states 2022-01-27 11:04:02 +01:00
perf perf/arm-cmn: Fix CPU hotplug unregistration 2022-01-27 11:03:36 +01:00
phy phy: phy-mtk-tphy: Fix duplicated argument in phy-mtk-tphy 2022-02-23 12:03:17 +01:00
pinctrl pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" 2022-03-16 14:23:40 +01:00
platform surface: surface3_power: Fix battery readings on batteries without a serial number 2022-03-02 11:47:59 +01:00
pnp
power power: reset: mt6397: Check for null res pointer 2022-01-27 11:03:49 +01:00
powercap
pps
ps3
ptp net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets 2022-01-27 11:03:52 +01:00
pwm
rapidio
ras
regulator regulator: core: fix false positive in regulator_late_cleanup() 2022-03-08 19:12:29 +01:00
remoteproc remoteproc: imx_rproc: Fix a resource leak in the remove function 2022-01-27 11:05:10 +01:00
reset reset: renesas: Fix Runtime PM usage 2022-01-11 15:35:16 +01:00
rpmsg rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev 2022-02-01 17:27:07 +01:00
rtc rtc: cmos: Evaluate century appropriate 2022-02-08 18:34:12 +01:00
s390 block: drop unused includes in <linux/genhd.h> 2022-03-16 14:23:46 +01:00
sbus
scsi scsi: mpt3sas: Page fault in reply q processing 2022-03-23 09:16:43 +01:00
sh maple: fix wrong return value of maple_bus_init(). 2021-11-25 09:48:31 +01:00
siox
slimbus
soc soc: fsl: qe: Check of ioremap return value 2022-03-08 19:12:49 +01:00
soundwire soundwire: bus: stop dereferencing invalid slave pointer 2021-11-18 19:16:54 +01:00
spi spi: Fix erroneous sgs value with min_t() 2022-04-08 14:22:47 +02:00
spmi
ssb
staging staging: gdm724x: fix use after free in gdm_lte_rx() 2022-03-16 14:23:42 +01:00
target scsi: target: iscsi: Make sure the np under each tpg is unique 2022-02-16 12:56:12 +01:00
tc
tee optee: use driver internal tee_context for some rpc 2022-03-02 11:47:51 +01:00
thermal thermal: core: Fix TZ_GET_TRIP NULL pointer dereference 2022-03-08 19:12:43 +01:00
thunderbolt thunderbolt: Runtime PM activate both ends of the device link 2022-01-27 11:04:36 +01:00
tty serial: stm32: prevent TDR register overwrite when sending x_char 2022-03-08 19:12:32 +01:00
uio
usb USB: serial: simple: add Nokia phone driver 2022-04-08 14:22:46 +02:00
vdpa vdpa/mlx5: should verify CTRL_VQ feature exists for MQ 2022-04-08 14:22:46 +02:00
vfio vfio/pci: add missing identifier name in argument of function prototype 2021-09-23 14:12:36 -06:00
vhost vsock: each transport cycles only on its own sockets 2022-03-23 09:16:41 +01:00
video fbcon: Avoid 'cap' set but not used warning 2022-02-16 12:56:27 +01:00
virt nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert 2022-01-05 12:42:39 +01:00
virtio virtio: acknowledge all features before access 2022-03-16 14:23:43 +01:00
visorbus
vlynq
vme
w1 w1: Misuse of get_user()/put_user() reported by sparse 2022-01-27 11:04:59 +01:00
watchdog ar7: fix kernel builds for compiler test 2021-11-18 19:17:03 +01:00
xen xen/gnttab: fix gnttab_end_foreign_access() without page specified 2022-03-11 12:22:37 +01:00
zorro
Kconfig firmware: include drivers/firmware/Kconfig unconditionally 2021-10-07 16:51:26 +02:00
Makefile virtio: always enter drivers/virtio/ 2021-12-22 09:32:39 +01:00