From 4f118472d4b40142004bc6bc652a651f67bfee94 Mon Sep 17 00:00:00 2001 From: Sohaib Date: Fri, 30 Apr 2021 12:36:11 +0200 Subject: virtio_blk: cleanups: remove check obsoleted by CONFIG_LBDAF removal Prior to 72deb455b5ec ("block: remove CONFIG_LBDAF"), it was optional if the 32-bit kernel support block device and/or file sizes larger than 2 TiB (considering the sector size is 512 bytes) But now sector_t and blkcnt_t are always 64-bit in size. Suggested-by: Ahmad Fatoum Signed-off-by: Sohaib Mohammed Link: https://lore.kernel.org/r/20210430103611.77345-1-sohaib.amhmd@gmail.com Reviewed-by: Stefan Hajnoczi Signed-off-by: Michael S. Tsirkin
---
 drivers/block/virtio_blk.c | 7 -------
 1 file changed, 7 deletions(-) (limited to 'drivers/block')
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index e4bd3b1fc3c2..6dda64fec743 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -447,13 +447,6 @@ static void virtblk_update_capacity(struct virtio_blk *vblk, bool resize)
 /* Host must always specify the capacity. */
 virtio_cread(vdev, struct virtio_blk_config, capacity, &capacity);
- /* If capacity is too big, truncate with warning. */
- if ((sector_t)capacity != capacity) {
- dev_warn(&vdev->dev, "Capacity %llu too large: truncating\n",
- (unsigned long long)capacity);
- capacity = (sector_t)-1;
- }
-
 nblocks = DIV_ROUND_UP_ULL(capacity, queue_logical_block_size(q) >> 9);
 string_get_size(nblocks, queue_logical_block_size(q),
-- cgit v1.2.3
From b71ba22e7c6c6b279c66f53ee7818709774efa1f Mon Sep 17 00:00:00 2001 From: Xie Yongji Date: Mon, 17 May 2021 16:43:32 +0800 Subject: virtio-blk: Fix memory leak among suspend/resume procedure The vblk->vqs should be freed before we call init_vqs() in virtblk_restore(). Signed-off-by: Xie Yongji Link: https://lore.kernel.org/r/20210517084332.280-1-xieyongji@bytedance.com Acked-by: Jason Wang
Signed-off-by: Michael S. Tsirkin
---
 drivers/block/virtio_blk.c | 2 ++
 1 file changed, 2 insertions(+) (limited to 'drivers/block')
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 6dda64fec743..c3e260d5bdd0 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -929,6 +929,8 @@ static int virtblk_freeze(struct virtio_device *vdev)
 blk_mq_quiesce_queue(vblk->disk->queue);
 vdev->config->del_vqs(vdev);
+ kfree(vblk->vqs);
+
 return 0;
 }
-- cgit v1.2.3
From 63947b3434f475418b9677a393d025c0962c2cf8 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Mon, 24 May 2021 16:40:20 +0100 Subject: virtio-blk: limit seg_max to a safe value The struct virtio_blk_config seg_max value is read from the device and incremented by 2 to account for the request header and status byte descriptors added by the driver. In preparation for supporting untrusted virtio-blk devices, protect against integer overflow and limit the value to a safe maximum. Signed-off-by: Stefan Hajnoczi Link: https://lore.kernel.org/r/20210524154020.98195-1-stefanha@redhat.com Reviewed-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin
---
 drivers/block/virtio_blk.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'drivers/block')
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index c3e260d5bdd0..4b49df2dfd23 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -21,6 +21,9 @@
 #define VQ_NAME_LEN 16
 #define MAX_DISCARD_SEGMENTS 256u
+/* The maximum number of sg elements that fit into a virtqueue */
+#define VIRTIO_BLK_MAX_SG_ELEMS 32768
+
 static int major;
 static DEFINE_IDA(vd_index_ida);
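Review bot: After the added `kfree(vblk->vqs);` in virtblk_freeze(), `vblk->vqs` keeps the freed address until something assigns it again. The commit message relies on init_vqs() in virtblk_restore() to do that, but if restore fails early or never runs, any later path that frees or reads `vblk->vqs` (the remove and restore paths are not visible in this hunk) would touch freed memory. Adding `vblk->vqs = NULL;` directly after the kfree makes a repeated kfree harmless and turns a stale read into an immediate fault. virtblk_freeze() starts above the hunk.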
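Review bot: `VIRTIO_BLK_MAX_SG_ELEMS` is written as a signed `32768` directly below `MAX_DISCARD_SEGMENTS 256u`, although the only use in this patch is a `min_t(u32, ...)` comparison; `#define VIRTIO_BLK_MAX_SG_ELEMS 32768u` would match both the neighbouring constant and that use. The comment should also say where the number comes from, presumably the largest queue size the virtio specification permits, for example `/* Upper bound on sg elements per request: largest virtqueue size allowed by the virtio spec */`.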
@@ -721,7 +724,10 @@ static int virtblk_probe(struct virtio_device *vdev)
 if (err || !sg_elems)
 sg_elems = 1;
- /* We need an extra sg elements at head and tail. */
+ /* Prevent integer overflows and honor max vq size */
+ sg_elems = min_t(u32, sg_elems, VIRTIO_BLK_MAX_SG_ELEMS - 2);
+
+ /* We need extra sg elements at head and tail. */
 sg_elems += 2;
 vdev->priv = vblk = kmalloc(sizeof(*vblk), GFP_KERNEL);
 if (!vblk) {
-- cgit v1.2.3
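Review bot: The new clamp in virtblk_probe() bounds `sg_elems` by the compile-time ceiling `VIRTIO_BLK_MAX_SG_ELEMS - 2`, not by the size of the virtqueue the device actually provides, so the comment's "honor max vq size" promises more than the line enforces. A wording such as `/* Cap device-supplied seg_max so that += 2 cannot overflow and the total never exceeds the largest possible vq */` would match the code. The clamp is also silent: because seg_max is read from the device, a single `dev_warn()` on `&vdev->dev` when the advertised value exceeds the cap would make a misbehaving device visible in the logs. virtblk_probe() starts and ends outside the hunk, so how `sg_elems` is consumed afterwards cannot be checked here.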