From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
kvm@vger.kernel.org, cdall@kernel.org, marc.zyngier@arm.com,
punit.agrawal@arm.com, will.deacon@arm.com,
catalin.marinas@arm.com, pbonzini@redhat.com, rkrcmar@redhat.com,
ard.biesheuvel@linaro.org, peter.maydell@linaro.org,
kristina.martsenko@arm.com, mark.rutland@arm.com,
Suzuki K Poulose <suzuki.poulose@arm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>,
Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Subject: [PATCH v2 02/17] virtio: pci-legacy: Validate queue pfn
Date: Tue, 27 Mar 2018 14:15:12 +0100 [thread overview]
Message-ID: <1522156531-28348-3-git-send-email-suzuki.poulose@arm.com> (raw)
In-Reply-To: <1522156531-28348-1-git-send-email-suzuki.poulose@arm.com>
Legacy PCI over virtio uses a 32bit PFN for the queue. If the
queue pfn is too large to fit in 32bits, which we could hit on
arm64 systems with 52bit physical addresses (even with 64K page
size), we simply miss out a proper link to the other side of
the queue.
Add a check to validate the PFN, rather than silently breaking
the devices.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Christoffer Dall <cdall@kernel.org>
Cc: Peter Maydel <peter.maydell@linaro.org>
Cc: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
drivers/virtio/virtio_pci_legacy.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c
index 2780886..4b84a75 100644
--- a/drivers/virtio/virtio_pci_legacy.c
+++ b/drivers/virtio/virtio_pci_legacy.c
@@ -122,6 +122,7 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
struct virtqueue *vq;
u16 num;
int err;
+ u64 q_pfn;
/* Select the queue we're interested in */
iowrite16(index, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_SEL);
@@ -141,9 +142,15 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
if (!vq)
return ERR_PTR(-ENOMEM);
+ q_pfn = virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT;
+ if (q_pfn >> 32) {
+ dev_err(&vp_dev->pci_dev->dev, "virtio-pci queue PFN too large\n");
+ err = -ENOMEM;
+ goto out_del_vq;
+ }
+
/* activate the queue */
- iowrite32(virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT,
- vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
+ iowrite32((u32)q_pfn, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
vq->priv = (void __force *)vp_dev->ioaddr + VIRTIO_PCI_QUEUE_NOTIFY;
@@ -160,6 +167,7 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
out_deactivate:
iowrite32(0, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
+out_del_vq:
vring_del_virtqueue(vq);
return ERR_PTR(err);
}
--
2.7.4
next prev parent reply other threads:[~2018-03-27 13:16 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-27 13:15 [PATCH v2 00/17] kvm: arm64: Dynamic & 52bit IPA support Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 01/17] virtio: mmio-v1: Validate queue PFN Suzuki K Poulose
2018-03-27 14:07 ` Michael S. Tsirkin
2018-03-27 13:15 ` Suzuki K Poulose [this message]
2018-03-27 14:11 ` [PATCH v2 02/17] virtio: pci-legacy: Validate queue pfn Michael S. Tsirkin
2018-07-13 0:36 ` Michael S. Tsirkin
2018-07-13 8:54 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 03/17] arm64: Make page table helpers reusable Suzuki K Poulose
2018-04-26 10:54 ` Julien Grall
2018-03-27 13:15 ` [PATCH v2 04/17] arm64: Refactor pud_huge for reusability Suzuki K Poulose
2018-04-26 10:55 ` Julien Grall
2018-03-27 13:15 ` [PATCH v2 05/17] arm64: Helper for parange to PASize Suzuki K Poulose
2018-04-26 10:58 ` Julien Grall
2018-04-27 15:18 ` Suzuki K Poulose
2018-04-27 15:18 ` Julien Grall
2018-05-03 14:39 ` James Morse
2018-05-08 13:47 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 06/17] kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 07/17] kvm: arm/arm64: Remove spurious WARN_ON Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 08/17] kvm: arm/arm64: Prepare for VM specific stage2 translations Suzuki K Poulose
2018-04-26 13:35 ` Julien Grall
2018-04-27 15:22 ` Suzuki K Poulose
2018-04-27 15:58 ` Suzuki K Poulose
2018-04-27 16:04 ` Julien Grall
2018-03-27 13:15 ` [PATCH v2 09/17] kvm: arm64: Make stage2 page table layout dynamic Suzuki K Poulose
2018-04-25 16:35 ` Julien Grall
2018-04-25 16:37 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 10/17] kvm: arm64: Dynamic configuration of VTCR and VTTBR mask Suzuki K Poulose
2018-04-30 11:14 ` Julien Grall
2018-03-27 13:15 ` [PATCH v2 11/17] kvm: arm64: Configure VTCR per VM Suzuki K Poulose
2018-04-03 14:58 ` James Morse
2018-04-03 15:44 ` Suzuki K Poulose
2018-05-03 14:39 ` James Morse
2018-05-08 11:16 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 12/17] kvm: arm/arm64: Expose supported physical address limit for VM Suzuki K Poulose
2018-04-13 13:21 ` Peter Maydell
2018-04-16 10:23 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 13/17] kvm: arm/arm64: Allow tuning the physical address size " Suzuki K Poulose
2018-04-25 16:10 ` Julien Grall
2018-04-25 16:22 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 14/17] kvm: arm64: Switch to per VM IPA limit Suzuki K Poulose
2018-04-13 16:27 ` Punit Agrawal
2018-04-16 10:25 ` Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 15/17] vgic: Add support for 52bit guest physical address Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 16/17] kvm: arm64: Add support for handling 52bit IPA Suzuki K Poulose
2018-03-27 13:15 ` [PATCH v2 17/17] kvm: arm64: Allow IPA size supported by the system Suzuki K Poulose
2018-03-27 13:15 ` [kvmtool PATCH 18/17] kvmtool: Allow backends to run checks on the KVM device fd Suzuki K Poulose
2018-03-27 13:15 ` [kvmtool PATCH 19/17] kvmtool: arm64: Add support for guest physical address size Suzuki K Poulose
2018-03-27 13:15 ` [kvmtool PATCH 20/17] kvmtool: arm64: Switch memory layout Suzuki K Poulose
2018-04-03 12:34 ` Jean-Philippe Brucker
2018-03-27 13:15 ` [kvmtool PATCH 21/17] kvmtool: arm: Add support for creating VM with PA size Suzuki K Poulose
2018-04-26 14:08 ` Julien Grall
2018-04-30 14:17 ` Julien Grall
2018-04-30 14:18 ` Suzuki K Poulose
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1522156531-28348-3-git-send-email-suzuki.poulose@arm.com \
--to=suzuki.poulose@arm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=cdall@kernel.org \
--cc=jasowang@redhat.com \
--cc=jean-philippe.brucker@arm.com \
--cc=kristina.martsenko@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=punit.agrawal@arm.com \
--cc=rkrcmar@redhat.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).