Received: by 10.213.65.68 with SMTP id h4csp654675imn; Tue, 27 Mar 2018 06:26:13 -0700 (PDT) X-Google-Smtp-Source: AG47ELuI1qiQlstj+tKwCB1ge5RRBaukPGt4lSl+X19UmSFVuUnJDono+NOtlCh0AbVIV7AUf4M9 X-Received: by 10.101.78.202 with SMTP id w10mr14729006pgq.404.1522157173734; Tue, 27 Mar 2018 06:26:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522157173; cv=none; d=google.com; s=arc-20160816; b=eXHh62FGorYqdqsbQtqh7eGqhdnlOiuFX7+SFFXTc2F6KrtYKs1wj7Mqfitc4szq5+ IG/7eMNEemHUSAaiDprNwP1eLoMjaDvj27TEGIqBVDyRJXX/LSit0LwBFJ7GtD+QWoop I/Hc7xrHcpjFUq3gNJmHxU19NKRQM6+e67zqd6BKs/LYvgseZbqBT3oouFsc/iuX1jgx JJxQyH+97Ejh3HTsHpq+2mMrGWpl8vfmuqaGP3h0KNZldO5nU3uzIMlZWSvdHjzVTQd4 AV++CTu7N26X4Xj6XnPWSlTzcRiG7wSn2w7Me6zlVrid+kDLmvcxiapXgXADBeDwdtvL B+XQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=wQdUM3XGmK497SIPQggNo/xB6wKviS2FDCy07Eb3AGU=; b=KYLuQ/Qt0BP2JRekk/f1zPDw8fu3X7WT5K2N3POYI+l6mKHuxIL5nhdo8vkBXVw74D eMaca6X06178r2yk3kPXzKfQkT06dSRS0cPoGUXIEkyBbc1XzJPtIlX4IwlNPBrhQpKB yHgOcRpYJuzp2YzoMBN30yt0pqF09t80h0ntmcAFssx4jQSSaBsx56ufY+Svet6f4+Dr 9i47nwyPOcUpPQ5C6HiEheo84P/1Zggf0hGTqrZ9Hxuj/g0r2nauoft/YYK7vtfiqPdW 0YP2CDUUKXoE+UFRIJVFMmQqKzKBoD+3eJlp3wRejpPWUoGVP2RHnQ5euIQR07EAUNTM DeSQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d68si931256pfl.337.2018.03.27.06.25.59; Tue, 27 Mar 2018 06:26:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752584AbeC0NQM (ORCPT + 99 others); Tue, 27 Mar 2018 09:16:12 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:54986 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752447AbeC0NQH (ORCPT ); Tue, 27 Mar 2018 09:16:07 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C3FC015AB; Tue, 27 Mar 2018 06:16:06 -0700 (PDT) Received: from en101.cambridge.arm.com (en101.cambridge.arm.com [10.1.206.73]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B0E613F24A; Tue, 27 Mar 2018 06:16:03 -0700 (PDT) From: Suzuki K Poulose To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, cdall@kernel.org, marc.zyngier@arm.com, punit.agrawal@arm.com, will.deacon@arm.com, catalin.marinas@arm.com, pbonzini@redhat.com, rkrcmar@redhat.com, ard.biesheuvel@linaro.org, peter.maydell@linaro.org, kristina.martsenko@arm.com, mark.rutland@arm.com, Suzuki K Poulose , "Michael S. Tsirkin" , Jason Wang , Jean-Philippe Brucker Subject: [PATCH v2 02/17] virtio: pci-legacy: Validate queue pfn Date: Tue, 27 Mar 2018 14:15:12 +0100 Message-Id: <1522156531-28348-3-git-send-email-suzuki.poulose@arm.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1522156531-28348-1-git-send-email-suzuki.poulose@arm.com> References: <1522156531-28348-1-git-send-email-suzuki.poulose@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Legacy PCI over virtio uses a 32bit PFN for the queue. If the queue pfn is too large to fit in 32bits, which we could hit on arm64 systems with 52bit physical addresses (even with 64K page size), we simply miss out a proper link to the other side of the queue. Add a check to validate the PFN, rather than silently breaking the devices. Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Marc Zyngier Cc: Christoffer Dall Cc: Peter Maydel Cc: Jean-Philippe Brucker Signed-off-by: Suzuki K Poulose --- drivers/virtio/virtio_pci_legacy.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c index 2780886..4b84a75 100644 --- a/drivers/virtio/virtio_pci_legacy.c +++ b/drivers/virtio/virtio_pci_legacy.c @@ -122,6 +122,7 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev, struct virtqueue *vq; u16 num; int err; + u64 q_pfn; /* Select the queue we're interested in */ iowrite16(index, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_SEL); @@ -141,9 +142,15 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev, if (!vq) return ERR_PTR(-ENOMEM); + q_pfn = virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT; + if (q_pfn >> 32) { + dev_err(&vp_dev->pci_dev->dev, "virtio-pci queue PFN too large\n"); + err = -ENOMEM; + goto out_del_vq; + } + /* activate the queue */ - iowrite32(virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT, - vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN); + iowrite32((u32)q_pfn, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN); vq->priv = (void __force *)vp_dev->ioaddr + VIRTIO_PCI_QUEUE_NOTIFY; @@ -160,6 +167,7 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev, out_deactivate: iowrite32(0, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN); +out_del_vq: vring_del_virtqueue(vq); return ERR_PTR(err); } -- 2.7.4