Commit 3db05638 authored Jul 31, 2024 by Andreas Hindborg Committed by Zeng Heng Jul 31, 2024

null_blk: fix validation of block size

stable inclusion
from stable-v5.10.223
commit 9625afe1dd4a158a14bb50f81af9e2dac634c0b1
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGEMW
CVE: CVE-2024-41077

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9625afe1dd4a158a14bb50f81af9e2dac634c0b1

---------------------------

[ Upstream commit c462ecd659b5fce731f1d592285832fd6ad54053 ]

Block size should be between 512 and PAGE_SIZE and be a power of 2. The current
check does not validate this, so update the check.

Without this patch, null_blk would Oops due to a null pointer deref when
loaded with bs=1536 [1].

Link: https://lore.kernel.org/all/87wmn8mocd.fsf@metaspace.dk/



Signed-off-by: Andreas Hindborg <a.hindborg@samsung.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20240603192645.977968-1-nmi@metaspace.dk


[axboe: remove unnecessary braces and != 0 check]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Zeng Heng <zengheng4@huawei.com>

parent 98dea376

drivers/block/null_blk/main.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1756,8 +1756,8 @@ static int null_validate_conf(struct nullb_device *dev)
		return -EINVAL;
		}

		dev->blocksize = round_down(dev->blocksize, 512);
		dev->blocksize = clamp_t(unsigned int, dev->blocksize, 512, 4096);
		if (blk_validate_block_size(dev->blocksize))
		return -EINVAL;

		if (dev->queue_mode == NULL_Q_MQ && dev->use_per_node_hctx) {
		if (dev->submit_queues != nr_online_nodes)