
virtio_blk: set log2blksz correctly

Message ID 20200819090732.155299-1-takahiro.akashi@linaro.org
State Accepted
Commit 6b0ddd1fbc6c8f7cbd0418e8a87d02404ad3dd9b
Series virtio_blk: set log2blksz correctly

Commit Message

AKASHI Takahiro Aug. 19, 2020, 9:07 a.m. UTC
'log2blksz' in blk_desc structure must always be initialized, otherwise
it will cause a lot of weird failures in file operations.

For example, fs_set_blk_dev[_with_part]() examines a block device against
every file system with its probe function. In particular, ext4 file
system's ext4_probe() will call fs_devread() to fetch a super block.
If log2blksz is 0, the actual 'read' size, i.e. block_len >> log2blksz, is
much bigger than a buffer's size, and it can end up with memory corruption.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Fixes: f4802209e59d ("virtio: Add block driver support")
---
 drivers/virtio/virtio_blk.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.28.0
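
The size arithmetic described in the commit message above, as an added example that is not part of the patch or of U-Boot's sources: a reduced model showing how many bytes a read asks for when log2blksz is 0 versus 9, with a consistency check a caller could apply. `struct blk_geom` and all function names are hypothetical, and the 1024-byte read is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, reduced stand-in for the two blk_desc fields the patch sets. */
struct blk_geom {
	unsigned long blksz;	/* block size in bytes */
	int log2blksz;		/* expected: (1 << log2blksz) == blksz */
};

/* Check a caller can make before trusting log2blksz for size arithmetic. */
static int geom_is_consistent(const struct blk_geom *g)
{
	return g->log2blksz >= 0 && g->log2blksz < 31 &&
	       (1UL << g->log2blksz) == g->blksz;
}

/*
 * Bytes the block layer is asked to store in the caller's buffer when the
 * block count is computed as block_len >> log2blksz (the expression quoted
 * in the commit message) and every block is blksz bytes long.
 */
static uint64_t bytes_transferred(const struct blk_geom *g, uint64_t block_len)
{
	return (block_len >> g->log2blksz) * g->blksz;
}

/* Returns 0 and sets *out if the read fits buf_size, -1 if it must be refused. */
static int checked_read_size(const struct blk_geom *g, uint64_t block_len,
			     uint64_t buf_size, uint64_t *out)
{
	if (!geom_is_consistent(g))
		return -1;
	*out = bytes_transferred(g, block_len);
	return *out <= buf_size ? 0 : -1;
}

int main(void)
{
	struct blk_geom before = { 512, 0 };	/* log2blksz left at 0 */
	struct blk_geom after = { 512, 9 };	/* value set by the patch */
	uint64_t len = 1024, n = 0;	/* constructed: 1024-byte read and buffer */
	int rb = checked_read_size(&before, len, len, &n);
	int ra = checked_read_size(&after, len, len, &n);

	printf("log2blksz=0: %llu bytes\n", (unsigned long long)bytes_transferred(&before, len));
	printf("log2blksz=9: %llu bytes\n", (unsigned long long)bytes_transferred(&after, len));
	printf("checked: before=%d after=%d\n", rb, ra);
	return 0;
}
```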

Comments

Bin Meng Aug. 19, 2020, 9:38 a.m. UTC | #1
On Wed, Aug 19, 2020 at 5:08 PM AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> 'log2blksz' in blk_desc structure must always be initialized, otherwise
> it will cause a lot of weird failures in file operations.
>
> For example, fs_set_blk_dev[_with_part]() examines a block device against
> every file system with its probe function. In particular, ext4 file
> system's ext4_probe() will call fs_devread() to fetch a super block.
> If log2blksz is 0, the actual 'read' size, i.e. block_len >> log2blksz, is
> much bigger than a buffer's size, and it can end up with memory corruption.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> Fixes: f4802209e59d ("virtio: Add block driver support")
> ---
>  drivers/virtio/virtio_blk.c | 1 +
>  1 file changed, 1 insertion(+)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Tom Rini Aug. 25, 2020, 12:16 p.m. UTC | #2
On Wed, Aug 19, 2020 at 06:07:32PM +0900, AKASHI Takahiro wrote:

> 'log2blksz' in blk_desc structure must always be initialized, otherwise
> it will cause a lot of weird failures in file operations.
>
> For example, fs_set_blk_dev[_with_part]() examines a block device against
> every file system with its probe function. In particular, ext4 file
> system's ext4_probe() will call fs_devread() to fetch a super block.
> If log2blksz is 0, the actual 'read' size, i.e. block_len >> log2blksz, is
> much bigger than a buffer's size, and it can end up with memory corruption.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> Fixes: f4802209e59d ("virtio: Add block driver support")
> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Applied to u-boot/master, thanks!

-- 
Tom

Patch

diff --git a/drivers/virtio/virtio_blk.c b/drivers/virtio/virtio_blk.c
index 992118c60758..1799f5c5eb36 100644
--- a/drivers/virtio/virtio_blk.c
+++ b/drivers/virtio/virtio_blk.c
@@ -115,6 +115,7 @@  static int virtio_blk_probe(struct udevice *dev)
 		return ret;
 
 	desc->blksz = 512;
+	desc->log2blksz = 9;
 	virtio_cread(dev, struct virtio_blk_config, capacity, &cap);
 	desc->lba = cap;
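
Review bot: The literal in `desc->log2blksz = 9;` repeats what `desc->blksz = 512;` on the line above already encodes, so the two values can drift apart if the block size is ever changed in one place only. Deriving log2blksz from desc->blksz, or at least adding a comment that ties the two constants together, would keep them consistent. The commit message explains that a wrong log2blksz makes the read size computed as block_len >> log2blksz exceed the buffer, so a mismatch here leads back to the same memory corruption.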