Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp748188imm; Thu, 13 Sep 2018 07:11:29 -0700 (PDT) X-Google-Smtp-Source: ANB0VdafLix31N1qyRG2X3a5Fla3PTqjNN1CTiIp/a37RPPth1kl1DpGfuYPxqVL2yLArW8hYZs9 X-Received: by 2002:a62:4dc1:: with SMTP id a184-v6mr7661800pfb.5.1536847889219; Thu, 13 Sep 2018 07:11:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536847889; cv=none; d=google.com; s=arc-20160816; b=Rmc60uXFf7XAqY6/ToZoTPXd20tLoiCe7beBzyb/bsoWqGCTBXvhmptN3nlQ8kV7YG MuLfXmbMbU0ydg/w0LjxREnBp7/QVeE541LYcZ3pHgGxR8cGpnkaXmHf9tw3b9uPA5u6 SGNpyHuKcW3F65enledAXkhZ4XjasdXy5ar2W7H6Pslj8yO42UW+vNXdSCZv5vhz3dlj YkcKA1e99oB9oVPOgpnWLoGZseQBIm7Z1DHK3l0kZy/Da00fpPJAzJd62aFzhVNY7aS1 hdh7wHzFwYEGPPVEtyeK/Dp5tm84ITKQB1WVyLZLtdJElMWcb90DXs4mWIxDkWfWppyS zaEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=ndI4wLor9czVkdBHqOiB9ekqfpEOGSayfEcLkmz5IzQ=; b=LOI2XBzLi30tAtpEYLjD0i6Bqd1g1Nxn5JqELwjTm3u7coNDPvLKi67NyQzR2Bxyj0 kRT4sQ2AqTmSembcAtWdO//9+jXZKIywQjbBDsUeHCepxqigDUwGmGAkmqR/TDAF9gK+ GKje+ISJyYmcciX4WwQFwXB71PtS6PZoszl3jPv3DGtgbQDGsReuRBX3MtCOnDweCYg5 2ZcYA3JPuZFnxDNXdOoH1i2a3ISNIYeK2TZDMiNpQnO9gXQsQmCsW5fYTaopRKIK9Gca WGXPxCWnh2micWMtQVa1yIpaVzMkJ0mQv4vZLxV4s2IBbNeug+AAvq5X5jIqjRn0RfDB VDYQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t2-v6si4443082pgg.422.2018.09.13.07.11.10; Thu, 13 Sep 2018 07:11:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730861AbeIMTDL (ORCPT + 99 others); Thu, 13 Sep 2018 15:03:11 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:33688 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728810AbeIMTDL (ORCPT ); Thu, 13 Sep 2018 15:03:11 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id F05F5CE7; Thu, 13 Sep 2018 13:53:34 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Michael S. Tsirkin" , Jason Wang , Marc Zyngier , Christoffer Dall , Peter Maydel , Jean-Philippe Brucker , Suzuki K Poulose , Sasha Levin Subject: [PATCH 4.18 053/197] virtio: pci-legacy: Validate queue pfn Date: Thu, 13 Sep 2018 15:30:02 +0200 Message-Id: <20180913131843.651175379@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180913131841.568116777@linuxfoundation.org> References: <20180913131841.568116777@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Suzuki K Poulose [ Upstream commit 69599206ea9a3f8f2e94d46580579cbf9d08ad6c ] Legacy PCI over virtio uses a 32bit PFN for the queue. If the queue pfn is too large to fit in 32bits, which we could hit on arm64 systems with 52bit physical addresses (even with 64K page size), we simply miss out a proper link to the other side of the queue. Add a check to validate the PFN, rather than silently breaking the devices. Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Marc Zyngier Cc: Christoffer Dall Cc: Peter Maydel Cc: Jean-Philippe Brucker Signed-off-by: Suzuki K Poulose Signed-off-by: Michael S. Tsirkin Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/virtio/virtio_pci_legacy.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/drivers/virtio/virtio_pci_legacy.c +++ b/drivers/virtio/virtio_pci_legacy.c @@ -122,6 +122,7 @@ static struct virtqueue *setup_vq(struct struct virtqueue *vq; u16 num; int err; + u64 q_pfn; /* Select the queue we're interested in */ iowrite16(index, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_SEL); @@ -141,9 +142,17 @@ static struct virtqueue *setup_vq(struct if (!vq) return ERR_PTR(-ENOMEM); + q_pfn = virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT; + if (q_pfn >> 32) { + dev_err(&vp_dev->pci_dev->dev, + "platform bug: legacy virtio-mmio must not be used with RAM above 0x%llxGB\n", + 0x1ULL << (32 + PAGE_SHIFT - 30)); + err = -E2BIG; + goto out_del_vq; + } + /* activate the queue */ - iowrite32(virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT, - vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN); + iowrite32(q_pfn, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN); vq->priv = (void __force *)vp_dev->ioaddr + VIRTIO_PCI_QUEUE_NOTIFY; @@ -160,6 +169,7 @@ static struct virtqueue *setup_vq(struct out_deactivate: iowrite32(0, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN); +out_del_vq: vring_del_virtqueue(vq); return ERR_PTR(err); }