Message ID | 20200819090732.155299-1-takahiro.akashi@linaro.org |
---|---|
State | Accepted |
Commit | 6b0ddd1fbc6c8f7cbd0418e8a87d02404ad3dd9b |
Series | virtio_blk: set log2blksz correctly |
On Wed, Aug 19, 2020 at 5:08 PM AKASHI Takahiro <takahiro.akashi@linaro.org> wrote:
>
> 'log2blksz' in blk_desc structure must always be initialized, otherwise
> it will cause a lot of weird failures in file operations.
>
> For example, fs_set_blk_dev[_with_part]() examines a block device against
> every file system with its probe function. In particular, ext4 file
> system's ext4_probe() will call fs_devread() to fetch a super block.
> If log2blksz is 0, the actual 'read' size, i.e. block_len >> log2blksz, is
> much bigger than a buffer's size, and it can end up with memory corruption.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> Fixes: f4802209e59d ("virtio: Add block driver support")
> ---
> drivers/virtio/virtio_blk.c | 1 +
> 1 file changed, 1 insertion(+)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
On Wed, Aug 19, 2020 at 06:07:32PM +0900, AKASHI Takahiro wrote:

> 'log2blksz' in blk_desc structure must always be initialized, otherwise
> it will cause a lot of weird failures in file operations.
>
> For example, fs_set_blk_dev[_with_part]() examines a block device against
> every file system with its probe function. In particular, ext4 file
> system's ext4_probe() will call fs_devread() to fetch a super block.
> If log2blksz is 0, the actual 'read' size, i.e. block_len >> log2blksz, is
> much bigger than a buffer's size, and it can end up with memory corruption.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> Fixes: f4802209e59d ("virtio: Add block driver support")
> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Applied to u-boot/master, thanks!

--
Tom
diff --git a/drivers/virtio/virtio_blk.c b/drivers/virtio/virtio_blk.c index 992118c60758..1799f5c5eb36 100644 --- a/drivers/virtio/virtio_blk.c +++ b/drivers/virtio/virtio_blk.c @@ -115,6 +115,7 @@ static int virtio_blk_probe(struct udevice *dev) return ret; desc->blksz = 512; + desc->log2blksz = 9; virtio_cread(dev, struct virtio_blk_config, capacity, &cap); desc->lba = cap;
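Review bot: `desc->log2blksz = 9` in virtio_blk_probe() repeats, as a second literal, the block size already set by `desc->blksz = 512` on the line above, so the two fields can drift apart if the block size is ever changed or taken from the device config. Consider deriving the shift from `desc->blksz` so they cannot disagree. A one-line comment that file-system probing shifts by this field, which is the failure the commit message describes, would also help the next reader of the probe function.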
'log2blksz' in blk_desc structure must always be initialized, otherwise
it will cause a lot of weird failures in file operations.

For example, fs_set_blk_dev[_with_part]() examines a block device against
every file system with its probe function. In particular, ext4 file
system's ext4_probe() will call fs_devread() to fetch a super block.
If log2blksz is 0, the actual 'read' size, i.e. block_len >> log2blksz, is
much bigger than a buffer's size, and it can end up with memory corruption.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: f4802209e59d ("virtio: Add block driver support")
---
 drivers/virtio/virtio_blk.c | 1 +
 1 file changed, 1 insertion(+)

--
2.28.0
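The size arithmetic the commit message describes, worked through as an added example (not code from U-Boot or from this patch), together with a consistency check a caller could apply before trusting the shift. The `demo_*` names, the 1024-byte request and the simplified byte-to-block conversion are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two blk_desc fields the patch touches. */
struct demo_desc {
    uint32_t blksz;      /* block size in bytes */
    uint32_t log2blksz;  /* must equal log2(blksz) */
};

/* Returns 1 when blksz is a power of two and log2blksz matches it. */
int demo_desc_consistent(const struct demo_desc *d)
{
    if (d->blksz == 0 || (d->blksz & (d->blksz - 1)) != 0)
        return 0;
    if (d->log2blksz >= 32)
        return 0;
    return d->blksz == (UINT32_C(1) << d->log2blksz);
}

/* Bytes the device layer would place in the caller's buffer when a byte
 * length is converted to a block count by shifting (simplified model). */
uint64_t demo_bytes_transferred(const struct demo_desc *d, uint32_t byte_len)
{
    uint64_t blocks = byte_len >> d->log2blksz;  /* block_len >> log2blksz */
    return blocks * d->blksz;
}

/* Guarded variant: returns -1 rather than a size that overruns buf_size. */
int64_t demo_checked_transfer(const struct demo_desc *d, uint32_t byte_len,
                              uint32_t buf_size)
{
    uint64_t n;
    if (!demo_desc_consistent(d))
        return -1;
    n = demo_bytes_transferred(d, byte_len);
    return n > buf_size ? -1 : (int64_t)n;
}

int main(void)
{
    struct demo_desc unset = { 512, 0 };  /* log2blksz left at zero */
    struct demo_desc fixed = { 512, 9 };  /* values set by the patch */
    uint32_t len = 1024;                  /* constructed request size */
    printf("unset: %llu bytes\n", (unsigned long long)demo_bytes_transferred(&unset, len));
    printf("fixed: %llu bytes\n", (unsigned long long)demo_bytes_transferred(&fixed, len));
    printf("guard on unset: %lld\n", (long long)demo_checked_transfer(&unset, len, len));
    return 0;
}
```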