From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: zhenwei pi <pizhenwei@bytedance.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
Sasha Levin <sashal@kernel.org>,
jasowang@redhat.com, axboe@kernel.dk,
virtualization@lists.linux.dev, linux-block@vger.kernel.org
Subject: [PATCH AUTOSEL 6.5 5/7] virtio-blk: fix implicit overflow on virtio_max_dma_size
Date: Sun, 12 Nov 2023 08:23:37 -0500 [thread overview]
Message-ID: <20231112132347.174334-5-sashal@kernel.org> (raw)
In-Reply-To: <20231112132347.174334-1-sashal@kernel.org>
From: zhenwei pi <pizhenwei@bytedance.com>
[ Upstream commit fafb51a67fb883eb2dde352539df939a251851be ]
The following codes have an implicit conversion from size_t to u32:
(u32)max_size = (size_t)virtio_max_dma_size(vdev);
This may lead overflow, Ex (size_t)4G -> (u32)0. Once
virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX
instead.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20230904061045.510460-1-pizhenwei@bytedance.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/virtio_blk.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 1fe011676d070..4a4b9bad551e8 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -1313,6 +1313,7 @@ static int virtblk_probe(struct virtio_device *vdev)
u16 min_io_size;
u8 physical_block_exp, alignment_offset;
unsigned int queue_depth;
+ size_t max_dma_size;
if (!vdev->config->get) {
dev_err(&vdev->dev, "%s failure: config access disabled\n",
@@ -1411,7 +1412,8 @@ static int virtblk_probe(struct virtio_device *vdev)
/* No real sector limit. */
blk_queue_max_hw_sectors(q, UINT_MAX);
- max_size = virtio_max_dma_size(vdev);
+ max_dma_size = virtio_max_dma_size(vdev);
+ max_size = max_dma_size > U32_MAX ? U32_MAX : max_dma_size;
/* Host can optionally specify maximum segment size and number of
* segments. */
--
2.42.0
next prev parent reply other threads:[~2023-11-12 13:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-12 13:23 [PATCH AUTOSEL 6.5 1/7] i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Sasha Levin
2023-11-12 13:23 ` Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 2/7] i2c: i801: Add support for Intel Birch Stream SoC Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 3/7] i2c: fix memleak in i2c_new_client_device() Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 4/7] i2c: sun6i-p2wi: Prevent potential division by zero Sasha Levin
2023-11-12 13:23 ` Sasha Levin
2023-11-12 13:23 ` Sasha Levin [this message]
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 6/7] vhost-vdpa: clean iotlb map during reset for older userspace Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 7/7] i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data Sasha Levin
2023-11-12 13:23 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231112132347.174334-5-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=axboe@kernel.dk \
--cc=jasowang@redhat.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=pizhenwei@bytedance.com \
--cc=stable@vger.kernel.org \
--cc=virtualization@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.