nbd: validate the block size in nbd_set_size (dcbddf54) · Commits · EulixOS / Software / Kernel

drivers/block/nbd.c

+15 −32

Original line number	Diff line number	Diff line
		@@ -296,16 +296,21 @@ static void nbd_size_clear(struct nbd_device *nbd)
		}
		}

		static void nbd_set_size(struct nbd_device *nbd, loff_t bytesize,
		static int nbd_set_size(struct nbd_device *nbd, loff_t bytesize,
		loff_t blksize)
		{
		struct block_device *bdev;

		if (!blksize)
		blksize = NBD_DEF_BLKSIZE;
		if (blksize < 512 \|\| blksize > PAGE_SIZE \|\| !is_power_of_2(blksize))
		return -EINVAL;

		nbd->config->bytesize = bytesize;
		nbd->config->blksize = blksize;

		if (!nbd->task_recv)
		return;
		return 0;

		if (nbd->config->flags & NBD_FLAG_SEND_TRIM) {
		nbd->disk->queue->limits.discard_granularity = blksize;
		@@ -325,6 +330,7 @@ static void nbd_set_size(struct nbd_device *nbd, loff_t bytesize,
		bdput(bdev);
		}
		kobject_uevent(&nbd_to_dev(nbd)->kobj, KOBJ_CHANGE);
		return 0;
		}

		static void nbd_complete_rq(struct request *req)
		@@ -1304,8 +1310,7 @@ static int nbd_start_device(struct nbd_device *nbd)
		args->index = i;
		queue_work(nbd->recv_workq, &args->work);
		}
		nbd_set_size(nbd, config->bytesize, config->blksize);
		return error;
		return nbd_set_size(nbd, config->bytesize, config->blksize);
		}

		static int nbd_start_device_ioctl(struct nbd_device nbd, struct block_device bdev)
		@@ -1347,14 +1352,6 @@ static void nbd_clear_sock_ioctl(struct nbd_device *nbd,
		nbd_config_put(nbd);
		}

		static bool nbd_is_valid_blksize(unsigned long blksize)
		{
		if (!blksize \|\| !is_power_of_2(blksize) \|\| blksize < 512 \|\|
		blksize > PAGE_SIZE)
		return false;
		return true;
		}

		static void nbd_set_cmd_timeout(struct nbd_device *nbd, u64 timeout)
		{
		nbd->tag_set.timeout = timeout * HZ;
		@@ -1379,19 +1376,12 @@ static int __nbd_ioctl(struct block_device bdev, struct nbd_device nbd,
		case NBD_SET_SOCK:
		return nbd_add_socket(nbd, arg, false);
		case NBD_SET_BLKSIZE:
		if (!arg)
		arg = NBD_DEF_BLKSIZE;
		if (!nbd_is_valid_blksize(arg))
		return -EINVAL;
		nbd_set_size(nbd, config->bytesize, arg);
		return 0;
		return nbd_set_size(nbd, config->bytesize, arg);
		case NBD_SET_SIZE:
		nbd_set_size(nbd, arg, config->blksize);
		return 0;
		return nbd_set_size(nbd, arg, config->blksize);
		case NBD_SET_SIZE_BLOCKS:
		nbd_set_size(nbd, arg * config->blksize,
		return nbd_set_size(nbd, arg * config->blksize,
		config->blksize);
		return 0;
		case NBD_SET_TIMEOUT:
		nbd_set_cmd_timeout(nbd, arg);
		return 0;
		@@ -1809,18 +1799,11 @@ static int nbd_genl_size_set(struct genl_info info, struct nbd_device nbd)
		if (info->attrs[NBD_ATTR_SIZE_BYTES])
		bytes = nla_get_u64(info->attrs[NBD_ATTR_SIZE_BYTES]);

		if (info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES]) {
		if (info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES])
		bsize = nla_get_u64(info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES]);
		if (!bsize)
		bsize = NBD_DEF_BLKSIZE;
		if (!nbd_is_valid_blksize(bsize)) {
		printk(KERN_ERR "Invalid block size %llu\n", bsize);
		return -EINVAL;
		}
		}

		if (bytes != config->bytesize \|\| bsize != config->blksize)
		nbd_set_size(nbd, bytes, bsize);
		return nbd_set_size(nbd, bytes, bsize);
		return 0;
		}