virtio_mmio: Don't attempt to create empty virtqueues

If a virtio device reports a QueueNumMax of 0, vring_new_virtqueue() doesn't check this, and thanks to an unsigned (i < num - 1) loop guard, scribbles over memory when initialising the free list. Avoid by not trying to create zero-descriptor queues, as there's no way to do any I/O with one. Signed-off-by: N Brian Foley <brian.foley@arm.com> Signed-off-by: N Pawel Moll <pawel.moll@arm.com> Signed-off-by: N Rusty Russell <rusty@rustcorp.com.au>

virtio_mmio: Don't attempt to create empty virtqueues
If a virtio device reports a QueueNumMax of 0, vring_new_virtqueue() doesn't check this, and thanks to an unsigned (i < num - 1) loop guard, scribbles over memory when initialising the free list. Avoid by not trying to create zero-descriptor queues, as there's no way to do any I/O with one. Signed-off-by: N Brian Foley <brian.foley@arm.com> Signed-off-by: N Pawel Moll <pawel.moll@arm.com> Signed-off-by: N Rusty Russell <rusty@rustcorp.com.au>
d78b519f · Brian Foley · Rusty Russell · 3850d29f · d78b519f
隐藏空白更改
内联并排

Showing with 10 addition and 0 deletion

drivers/virtio/virtio_mmio.c drivers/virtio/virtio_mmio.c +10 -0

未找到文件。
--- a/drivers/virtio/virtio_mmio.c
+++ b/drivers/virtio/virtio_mmio.c
@@ -331,6 +331,16 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
 	 * and two rings (which makes it "alignment_size * 2")
 	 */
 	info->num = readl(vm_dev->base + VIRTIO_MMIO_QUEUE_NUM_MAX);
+
+	/* If the device reports a 0 entry queue, we won't be able to
+	 * use it to perform I/O, and vring_new_virtqueue() can't create
+	 * empty queues anyway, so don't bother to set up the device.
+	 */
+	if (info->num == 0) {
+		err = -ENOENT;
+		goto error_alloc_pages;
+	}
+
 	while (1) {
 		size = PAGE_ALIGN(vring_size(info->num,
 				VIRTIO_MMIO_VRING_ALIGN));