Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1657324pxb; Mon, 23 Aug 2021 01:08:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxLcO5w5BHN+kpU5QNxRZ9rWDHARIgcor3aNC2EiwTCFpBWWDNZ2myQw/xXuEBPfB0WZ5L1 X-Received: by 2002:a5d:83c4:: with SMTP id u4mr25959073ior.21.1629706139368; Mon, 23 Aug 2021 01:08:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1629706139; cv=pass; d=google.com; s=arc-20160816; b=mus+ucxJjErM0wEFcNOhchTZpeUB+UCYFHP3BMujaiv0M5USnSF05CoJDP/vj9Q28G M/YPITTd3aINSSJnKDOAOKGtfqaECvOfO5n7GnCuSzcLcOp6oCeX81tLqm4NkAYwx7bO qajds5Sm7BLicjyvG4Ngj418BpsZNSEsTnHFADyx6Lu6oEsAYw/VcB0cQEdcM+o8J5qO Qi9YTWTjXXH5a19qppx2xSnsiNiuuUFsKePFZd+GaDDGnKsMm0o+u/pkFSvDwx5iBbs1 R4zjt8R6MfrYqBhr8OqJn9eCp21gTZuMEr0Ia7FkXxZLJtnvBdnk5IHP0Wqz+61pO0py X2yA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=VhdselU5CoedNTOIQqE/3jjkl/DQt8KPniAvNttP8Ds=; b=uQt1dpkkKiKwmY3KFimXCk3YiDRDmiZ0U2McYv45oWDg0LtgevEE4ZbNhf+FJKFAbI uaTAwYf5bQTzpRbCqkHiZAQlcn1Qyj2lSGenRyIK6R2+Vz6xCHYzTbMscS7U3jMmOZp3 jm4bgTzSMHQC0VXLLMaHN07gj+gdZGwHQ7f4u7n4FTA3wS1lR+/AX36kqIcn5Y2hmb0m FUdBKtrH+1HQmoKNCE3BwqX68Y4cC8RKQV2qU5+ehN+LaFoRBOIAfbg9xXhEPsu5/vzl wlPvvmjF63gkNpZwahXUTjbFOw/3qYXG4axD3vUdCHoAI/D+OyLMhsHcU44tsVvLFEho VAEA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=KjlxNXMR; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=nvidia.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w13si8768723ilu.26.2021.08.23.01.08.47; Mon, 23 Aug 2021 01:08:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=KjlxNXMR; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235436AbhHWIHx (ORCPT + 99 others); Mon, 23 Aug 2021 04:07:53 -0400 Received: from mail-mw2nam12on2084.outbound.protection.outlook.com ([40.107.244.84]:35008 "EHLO NAM12-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235382AbhHWIHu (ORCPT ); Mon, 23 Aug 2021 04:07:50 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PJEgl2UpRZOOiIYS8euS95dlwtmT8zpd3W5QhuLzxEE4MYohM561DRdOXcWZUCb/7qBb8E1bLNndEn8ctlhFDT8kK6Vc9lgvp4Yed7OrSBj0kCjKZC1rFuRd+u7bSfEacMwfL1zhIQxIIABm2vIdc9tWGd5XOX/GgjF5bkzrphWW78OHE5hyvbawWaDv07wlXTg+sltB0+6Qlp0eYI8zQayvxzg+uYQsoDexKl6mXfapPswOu954aRVdOaza3z/nKxe9k257yOzzaBD3tDAh4vBgnu4pE9b6rbaqJ6w2yg4F6zQ3eYtYz3tbiVwgSo7RDeTmxlN35QgNZ89ihChC4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VhdselU5CoedNTOIQqE/3jjkl/DQt8KPniAvNttP8Ds=; b=MqMStXkcJex2ZatZvyJopReUfZgQDMZxuBLDHURol/LanGfNOYb3+rqJtZJmDH9S7r5hcGHVG00SSuzWgy/6FatLu0q+iEppLDaK1KAuLNar2/EdEWBCGr8FqcsHobwVdRmYU5PiKfjkZ2qB2R33MPEVAyIEmSPe893RnI2t2zSzpCoQYMMAfvq4E8E+1F+aGKebhgcrxswMpXm7rB64xCeJvY95Nbb+9k6bLPPAEtqqImt7cCQeUnWDSm8SgBgNRE285jLyHZq6VwkwF3HQ1naXYKbfz+mpSsTJVyzSoutcegtjpqjQa6gwzL2fMKw6JLseRlUS74vKcgsyX7Bk6g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=redhat.com smtp.mailfrom=nvidia.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VhdselU5CoedNTOIQqE/3jjkl/DQt8KPniAvNttP8Ds=; b=KjlxNXMRSijpW9iZAmaIR2ID61hhrbCuJTkAZidIctbdHXE0upJ+GxfWH86sq+VGvBbnKgm0enz5wcQSl44kR2XN11EXu5uEobzda0GXtZfDOe1YgXj+bYbkKW8Hxty7w046d2qeIHFrOb+Ifnx1kwIUuHwolO5rCVBkHpsNdxYgP2idnDbqAVH7G1IAZc7NuwD2ioIXNl7MdO0VDgFxSbJIV2ni3MhIPR0cQWX/oLYWtBqMiQ0/cD95/mXcllJejOAPXUVPVrkEzsSzeAd8UA5fpKsPHeIajKy28WIaDGKSYTo1cTKgWygCblzznOmpF7dt5PBin1v2Lor+tFzrCw== Received: from BN7PR06CA0056.namprd06.prod.outlook.com (2603:10b6:408:34::33) by MN2PR12MB4376.namprd12.prod.outlook.com (2603:10b6:208:26c::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Mon, 23 Aug 2021 08:07:07 +0000 Received: from BN8NAM11FT065.eop-nam11.prod.protection.outlook.com (2603:10b6:408:34:cafe::aa) by BN7PR06CA0056.outlook.office365.com (2603:10b6:408:34::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19 via Frontend Transport; Mon, 23 Aug 2021 08:07:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by BN8NAM11FT065.mail.protection.outlook.com (10.13.177.63) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4436.19 via Frontend Transport; Mon, 23 Aug 2021 08:07:06 +0000 Received: from [172.27.13.55] (172.20.187.5) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 23 Aug 2021 08:07:04 +0000 Subject: Re: [PATCH v5] virtio-blk: Add validation for block size in config space To: Yongji Xie CC: "Michael S. Tsirkin" , Jason Wang , Stefan Hajnoczi , virtualization , , linux-kernel References: <20210809101609.148-1-xieyongji@bytedance.com> From: Max Gurtovoy Message-ID: Date: Mon, 23 Aug 2021 11:07:00 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [172.20.187.5] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: face7966-76ae-47cf-d853-08d9660cfff4 X-MS-TrafficTypeDiagnostic: MN2PR12MB4376: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: D08sBf67f3LivzQ121lJ7PumLE6dFZAkzYGRW70uxWCCBwdWNyqi6urKC+g18z+wR3U7nC1+RKHm/my9UMzXm3VGBKd0pBuFQqLBhkirKAPP+1p76cvNt8P9j2GjievhfEy3VQav2yVmkdOQXlbZf8EUc05isk56RbXEe31sVKpk390Mj2pPkFvJWI4cx8ZLb6FlmPfh6Id/qyS3oAPA2CYgenDk7DVAEQrrFJVry4rHabGvS9nmlz1V4pcZoU0M0bZE41k3U1H8UFEjvD7AAvL1CD5iKEEsaOB6mQsYJ9NRscCXlCs129C6WfqAA8xcbZoLRifgTKXzuJybcFbsRQK2etMr54eEE+v4+DoUhu/4+0gNF55AZ6kWgW3McogFJtLfG8MBkt8ezhtH4nLAwGJvDDwXr1AKfxVtuc2S9p6Xk7OAFPYgwElTYS0yv+O+PgIHlHYFxwststUCuXtYCl/nf2O2rG5+nQDDaFB2ReuaafjeL2ohcrA508QgNPEAnp0P9Hm2PjTi0T2Xh1OzndUyDWxMTqr8WTKAyQlRzVTLAnh6pa/F2u0Op5pLU+QMQCFHw+jfcfNvH0nlE9Iq+zAiUTphGrVzH4jMU2c4rS5Dej+9+p+fp3H/1SpSdR4akp0GZo6ABeLBTAqYPOaysW+Xxs1zqx9B/zFrYL33v9uaBcy9CacTyhChrOJDoROxTQxut7hs2XFwdlcz7tQFSKGO6oDIeZNXcdXsdbQK4exzLXP8Jbs7CDAM3prCOdI81dSZ6LMpFBTzqDGe3jc0tdiu0vGQ64J9aKGNNewS1IGUUQGmteVzHevRrbNNRVd6 X-Forefront-Antispam-Report: CIP:216.228.112.34;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:schybrid03.nvidia.com;CAT:NONE;SFS:(4636009)(396003)(39860400002)(136003)(346002)(376002)(36840700001)(46966006)(70206006)(82310400003)(53546011)(83380400001)(2906002)(6666004)(70586007)(86362001)(7636003)(82740400003)(36860700001)(356005)(16526019)(426003)(336012)(4326008)(26005)(8676002)(8936002)(966005)(16576012)(478600001)(54906003)(36756003)(316002)(5660300002)(31686004)(2616005)(36906005)(47076005)(6916009)(31696002)(186003)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2021 08:07:06.7913 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: face7966-76ae-47cf-d853-08d9660cfff4 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.112.34];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT065.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4376 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/23/2021 7:31 AM, Yongji Xie wrote: > On Mon, Aug 23, 2021 at 7:17 AM Max Gurtovoy wrote: >> >> On 8/9/2021 1:16 PM, Xie Yongji wrote: >>> An untrusted device might presents an invalid block size >>> in configuration space. This tries to add validation for it >>> in the validate callback and clear the VIRTIO_BLK_F_BLK_SIZE >>> feature bit if the value is out of the supported range. >> This is not clear to me. What is untrusted device ? is it a buggy device ? >> > A buggy device, the devices in an encrypted VM, or a userspace device > created by VDUSE [1]. > > [1] https://lore.kernel.org/kvm/20210818120642.165-1-xieyongji@bytedance.com/ if it's a userspace device, why don't you fix its control path code instead of adding workarounds in the kernel driver ? > >> What is the return value for the blk_size in this case that you try to >> override ? >> > The value that is larger than PAGE_SIZE. I think the block layer can > not handle the block size that is larger than PAGE_SIZE correctly, > e.g. in block_read_full_page(). > >>> And we also double check the value in virtblk_probe() in >>> case that it's changed after the validation. >>> >>> Signed-off-by: Xie Yongji >>> --- >>> drivers/block/virtio_blk.c | 39 +++++++++++++++++++++++++++++++++------ >>> 1 file changed, 33 insertions(+), 6 deletions(-) >>> >>> diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c >>> index 4b49df2dfd23..afb37aac09e8 100644 >>> --- a/drivers/block/virtio_blk.c >>> +++ b/drivers/block/virtio_blk.c >>> @@ -692,6 +692,28 @@ static const struct blk_mq_ops virtio_mq_ops = { >>> static unsigned int virtblk_queue_depth; >>> module_param_named(queue_depth, virtblk_queue_depth, uint, 0444); >>> >>> +static int virtblk_validate(struct virtio_device *vdev) >>> +{ >>> + u32 blk_size; >>> + >>> + if (!vdev->config->get) { >>> + dev_err(&vdev->dev, "%s failure: config access disabled\n", >>> + __func__); >>> + return -EINVAL; >>> + } >>> + >>> + if (!virtio_has_feature(vdev, VIRTIO_BLK_F_BLK_SIZE)) >>> + return 0; >>> + >>> + blk_size = virtio_cread32(vdev, >>> + offsetof(struct virtio_blk_config, blk_size)); >>> + >>> + if (blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE) >>> + __virtio_clear_bit(vdev, VIRTIO_BLK_F_BLK_SIZE); >> is it PAGE_SIZE or SZ_4K ? >> >> Do we support a 64K blk size (PPC PAGE_SIZE) >> > I think PAGE_SIZE should be OK here. I didn't see a hard 4K limitation > in the kernel. NBD did the same check: > > static int nbd_set_size(struct nbd_device *nbd, loff_t bytesize, loff_t blksize) > { > if (!blksize) > blksize = NBD_DEF_BLKSIZE; > if (blksize < 512 || blksize > PAGE_SIZE || !is_power_of_2(blksize)) > return -EINVAL; > > Thanks, > Yongji