Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3029338pxb; Mon, 18 Oct 2021 06:56:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyx5jUUrZxp6TxJLS+YZNG37r3tjImIn0huvTWeeBqgn32MD9JP5ru2VdgXpvpN0Vp/xcGr X-Received: by 2002:a65:6643:: with SMTP id z3mr24070752pgv.16.1634565385045; Mon, 18 Oct 2021 06:56:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634565385; cv=none; d=google.com; s=arc-20160816; b=GvED2QHn9Q88QPbbNutmeOblEKDJzloKg9sRqkdfvNgxERqp22IpiJIZVbFqJmVd1G hunVL4fSO84pjSJGjpMvonyrd7iNG/LRs71aGoM3b88ZoH9mj1UmG+ogAlvgdUREiN3h sjYfhF684udLRSIgRlkXcbd+Lq4evkRPmdnacuSaSWcE13mKoLjek/vzCmpImRxmaKv0 m3VnXsoUbhy5UevYPyuFuu8eQhck18zK4FrrbPwv7XKduxSwG9UyRW4+Vz8MEv9B7G3G tFHOaiFO0JM0mhxQapbC7YYDPugXTZhTryaI2IC1jKw9v99ueHF9c1PXiDiFeoNtd6S7 RbUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=gJ5jveOEhPESOtErpKY4nq8ZgQGFXt6cfvkNL7XK/6E=; b=WRyc06hF4UabSi7i5VrVMmEDx7OCAC0tR+YL1iAZ1D+y8vlUXbFtHSy7R3x1WVxAxh UsivqKm1KKe87a0kZDUt0HrPQfEFSgzX7Rrj75uvgVlNpwCDFq2wqZXud85ra0wuCCQb Q2rZIeGjYJrGrJ/Fi9MUFhsMEH6MRTdZ0ThwCZ5NRTEUMCC4VBXIykURGur6FINH2QWL KDaGL6JxWiboKxDm+Kr376vydBlhjNfEBKLrBWDk8f8qMA2dKf+dwwAvj6rgyXLIeppp Schjq9XuwnKyDD17JuVyPxjzHsAeybN6FniVT8y8k5EIL3VOiyV+etDYkwPyGzFW13j5 7pDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=OSZirEdK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q82si2119978pgq.66.2021.10.18.06.56.10; Mon, 18 Oct 2021 06:56:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=OSZirEdK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234451AbhJRN4D (ORCPT + 99 others); Mon, 18 Oct 2021 09:56:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:58168 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234457AbhJRNxz (ORCPT ); Mon, 18 Oct 2021 09:53:55 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 22F51619E5; Mon, 18 Oct 2021 13:39:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1634564358; bh=N2J78hwogc9FKBO7wWEoEnUM8+mUkfXV5928r1UksnQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OSZirEdKY6wRNgTYpZI25TEumhC7pqZYmeBV7FjxG1kOlhy9ydP+yzC6oomG9GBr+ fY/GtKomCGDD7AMSuou+wdbBAmrcxLMYRHbG/18CS8CyPx3xbf2NMB7pfVh8L0HDmX hYSEZz6eIweIgEXWL0l4FZ0HF3/nSeKd2SdUXWIU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xie Yongji , "Michael S. Tsirkin" Subject: [PATCH 5.14 059/151] Revert "virtio-blk: Add validation for block size in config space" Date: Mon, 18 Oct 2021 15:23:58 +0200 Message-Id: <20211018132342.609512899@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211018132340.682786018@linuxfoundation.org> References: <20211018132340.682786018@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Michael S. Tsirkin commit ff63198850f33eab54b2da6905380fd4d4fc0739 upstream. It turns out that access to config space before completing the feature negotiation is broken for big endian guests at least with QEMU hosts up to 6.1 inclusive. This affects any device that accesses config space in the validate callback: at the moment that is virtio-net with VIRTIO_NET_F_MTU but since 82e89ea077b9 ("virtio-blk: Add validation for block size in config space") that also started affecting virtio-blk with VIRTIO_BLK_F_BLK_SIZE. Further, unlike VIRTIO_NET_F_MTU which is off by default on QEMU, VIRTIO_BLK_F_BLK_SIZE is on by default, which resulted in lots of people not being able to boot VMs on BE. The spec is very clear that what we are doing is legal so QEMU needs to be fixed, but given it's been broken for so many years and no one noticed, we need to give QEMU a bit more time before applying this. Further, this patch is incomplete (does not check blk size is a power of two) and it duplicates the logic from nbd. Revert for now, and we'll reapply a cleaner logic in the next release. Cc: stable@vger.kernel.org Fixes: 82e89ea077b9 ("virtio-blk: Add validation for block size in config space") Cc: Xie Yongji Signed-off-by: Michael S. Tsirkin Signed-off-by: Greg Kroah-Hartman --- drivers/block/virtio_blk.c | 39 ++++++--------------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -692,28 +692,6 @@ static const struct blk_mq_ops virtio_mq static unsigned int virtblk_queue_depth; module_param_named(queue_depth, virtblk_queue_depth, uint, 0444); -static int virtblk_validate(struct virtio_device *vdev) -{ - u32 blk_size; - - if (!vdev->config->get) { - dev_err(&vdev->dev, "%s failure: config access disabled\n", - __func__); - return -EINVAL; - } - - if (!virtio_has_feature(vdev, VIRTIO_BLK_F_BLK_SIZE)) - return 0; - - blk_size = virtio_cread32(vdev, - offsetof(struct virtio_blk_config, blk_size)); - - if (blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE) - __virtio_clear_bit(vdev, VIRTIO_BLK_F_BLK_SIZE); - - return 0; -} - static int virtblk_probe(struct virtio_device *vdev) { struct virtio_blk *vblk; @@ -725,6 +703,12 @@ static int virtblk_probe(struct virtio_d u8 physical_block_exp, alignment_offset; unsigned int queue_depth; + if (!vdev->config->get) { + dev_err(&vdev->dev, "%s failure: config access disabled\n", + __func__); + return -EINVAL; + } + err = ida_simple_get(&vd_index_ida, 0, minor_to_index(1 << MINORBITS), GFP_KERNEL); if (err < 0) @@ -839,14 +823,6 @@ static int virtblk_probe(struct virtio_d else blk_size = queue_logical_block_size(q); - if (blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE) { - dev_err(&vdev->dev, - "block size is changed unexpectedly, now is %u\n", - blk_size); - err = -EINVAL; - goto err_cleanup_disk; - } - /* Use topology information if available */ err = virtio_cread_feature(vdev, VIRTIO_BLK_F_TOPOLOGY, struct virtio_blk_config, physical_block_exp, @@ -905,8 +881,6 @@ static int virtblk_probe(struct virtio_d device_add_disk(&vdev->dev, vblk->disk, virtblk_attr_groups); return 0; -err_cleanup_disk: - blk_cleanup_disk(vblk->disk); out_free_tags: blk_mq_free_tag_set(&vblk->tag_set); out_free_vq: @@ -1009,7 +983,6 @@ static struct virtio_driver virtio_blk = .driver.name = KBUILD_MODNAME, .driver.owner = THIS_MODULE, .id_table = id_table, - .validate = virtblk_validate, .probe = virtblk_probe, .remove = virtblk_remove, .config_changed = virtblk_config_changed,