Revert "virtio-blk: Add validation for block size in config space"

mainline inclusion from mainline-5.15 commit ff631988 category: bugfix bugzilla: NA CVE: NA ------------------------------------------------- It turns out that access to config space before completing the feature negotiation is broken for big endian guests at least with QEMU hosts up to 6.1 inclusive. This affects any device that accesses config space in the validate callback: at the moment that is virtio-net with VIRTIO_NET_F_MTU but since 82e89ea0 ("virtio-blk: Add validation for block size in config space") that also started affecting virtio-blk with VIRTIO_BLK_F_BLK_SIZE. Further, unlike VIRTIO_NET_F_MTU which is off by default on QEMU, VIRTIO_BLK_F_BLK_SIZE is on by default, which resulted in lots of people not being able to boot VMs on BE. The spec is very clear that what we are doing is legal so QEMU needs to be fixed, but given it's been broken for so many years and no one noticed, we need to give QEMU a bit more time before applying this. Further, this patch is incomplete (does not check blk size is a power of two) and it duplicates the logic from nbd. Revert for now, and we'll reapply a cleaner logic in the next release. Cc: stable@vger.kernel.org Fixes: 82e89ea0 ("virtio-blk: Add validation for block size in config space") Cc: Xie Yongji <xieyongji@bytedance.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com> Signed-off-by: N Wenchao Hao <haowenchao@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Reviewed-by: N Miaohe Lin <linmiaohe@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

Revert "virtio-blk: Add validation for block size in config space"
mainline inclusion from mainline-5.15 commit ff631988 category: bugfix bugzilla: NA CVE: NA ------------------------------------------------- It turns out that access to config space before completing the feature negotiation is broken for big endian guests at least with QEMU hosts up to 6.1 inclusive. This affects any device that accesses config space in the validate callback: at the moment that is virtio-net with VIRTIO_NET_F_MTU but since 82e89ea0 ("virtio-blk: Add validation for block size in config space") that also started affecting virtio-blk with VIRTIO_BLK_F_BLK_SIZE. Further, unlike VIRTIO_NET_F_MTU which is off by default on QEMU, VIRTIO_BLK_F_BLK_SIZE is on by default, which resulted in lots of people not being able to boot VMs on BE. The spec is very clear that what we are doing is legal so QEMU needs to be fixed, but given it's been broken for so many years and no one noticed, we need to give QEMU a bit more time before applying this. Further, this patch is incomplete (does not check blk size is a power of two) and it duplicates the logic from nbd. Revert for now, and we'll reapply a cleaner logic in the next release. Cc: stable@vger.kernel.org Fixes: 82e89ea0 ("virtio-blk: Add validation for block size in config space") Cc: Xie Yongji <xieyongji@bytedance.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com> Signed-off-by: N Wenchao Hao <haowenchao@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Reviewed-by: N Miaohe Lin <linmiaohe@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
0df07d96 · Michael S. Tsirkin · Yang Yingliang · f3728a9d · 0df07d96
隐藏空白更改
内联并排

Showing with 6 addition and 33 deletion

drivers/block/virtio_blk.c drivers/block/virtio_blk.c +6 -33

未找到文件。
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -786,28 +786,6 @@ static const struct blk_mq_ops virtio_mq_ops = {
 static unsigned int virtblk_queue_depth;
 module_param_named(queue_depth, virtblk_queue_depth, uint, 0444);
-static int virtblk_validate(struct virtio_device *vdev)
-{
-	u32 blk_size;
-	if (!vdev->config->get) {
-		dev_err(&vdev->dev, "%s failure: config access disabled\n",
-			__func__);
-		return -EINVAL;
-	}
-	if (!virtio_has_feature(vdev, VIRTIO_BLK_F_BLK_SIZE))
-		return 0;
-	blk_size = virtio_cread32(vdev,
-			offsetof(struct virtio_blk_config, blk_size));
-	if (blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE)
-		__virtio_clear_bit(vdev, VIRTIO_BLK_F_BLK_SIZE);
-	return 0;
-}
 static int virtblk_probe(struct virtio_device *vdev)
 {
 	struct virtio_blk *vblk;
@@ -818,6 +796,12 @@ static int virtblk_probe(struct virtio_device *vdev)
 	u16 min_io_size;
 	u8 physical_block_exp, alignment_offset;
+	if (!vdev->config->get) {
+		dev_err(&vdev->dev, "%s failure: config access disabled\n",
+			__func__);
+		return -EINVAL;
+	}
 	err = ida_simple_get(&vd_index_ida, 0, minor_to_index(1 << MINORBITS),
 			     GFP_KERNEL);
 	if (err < 0)
@@ -933,14 +917,6 @@ static int virtblk_probe(struct virtio_device *vdev)
 	else
 		blk_size = queue_logical_block_size(q);
-	if (unlikely(blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE)) {
-		dev_err(&vdev->dev,
-			"block size is changed unexpectedly, now is %u\n",
-			blk_size);
-		err = -EINVAL;
-		goto err_cleanup_disk;
-	}
 	/* Use topology information if available */
 	err = virtio_cread_feature(vdev, VIRTIO_BLK_F_TOPOLOGY,
 				   struct virtio_blk_config, physical_block_exp,
@@ -1000,8 +976,6 @@ static int virtblk_probe(struct virtio_device *vdev)
 	device_add_disk(&vdev->dev, vblk->disk);
 	return 0;
-err_cleanup_disk:
-	blk_cleanup_queue(vblk->disk->queue);
 out_free_tags:
 	blk_mq_free_tag_set(&vblk->tag_set);
 out_put_disk:
@@ -1111,7 +1085,6 @@ static struct virtio_driver virtio_blk = {
 	.driver.name			= KBUILD_MODNAME,
 	.driver.owner			= THIS_MODULE,
 	.id_table			= id_table,
-	.validate			= virtblk_validate,
 	.probe				= virtblk_probe,
 	.remove				= virtblk_remove,
 	.config_changed			= virtblk_config_changed,