null_blk: fix zone size paramter check

[ Upstream commit c462ecd659b5fce731f1d592285832fd6ad54053 ]

Fix CVE: CVE-2024-41077

For zoned=1 mode, the zone size must be a power of 2. Check this not
only when the zone size is specified during modprobe, but also when
creating a zoned null_blk device using configfs.

Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Haisu Wang <haisuwang@tencent.com>
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
Damien Le Moal 2019-12-03 10:39:01 +01:00 committed by Jianping Liu
parent 860299b7c0
commit 8113059747
1 changed files with 12 additions and 7 deletions


@ -1575,7 +1575,7 @@ static int null_init_tag_set(struct nullb *nullb, struct blk_mq_tag_set *set)
return blk_mq_alloc_tag_set(set); return blk_mq_alloc_tag_set(set);
} }
static void null_validate_conf(struct nullb_device *dev) static int null_validate_conf(struct nullb_device *dev)
{ {
dev->blocksize = round_down(dev->blocksize, 512); dev->blocksize = round_down(dev->blocksize, 512);
dev->blocksize = clamp_t(unsigned int, dev->blocksize, 512, 4096); dev->blocksize = clamp_t(unsigned int, dev->blocksize, 512, 4096);
@ -1602,6 +1602,14 @@ static void null_validate_conf(struct nullb_device *dev)
/* can not stop a queue */ /* can not stop a queue */
if (dev->queue_mode == NULL_Q_BIO) if (dev->queue_mode == NULL_Q_BIO)
dev->mbps = 0; dev->mbps = 0;
if (dev->zoned &&
(!dev->zone_size || !is_power_of_2(dev->zone_size))) {
pr_err("zone_size must be power-of-two\n");
return -EINVAL;
}
return 0;
} }
#ifdef CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION #ifdef CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION
@ -1634,7 +1642,9 @@ static int null_add_dev(struct nullb_device *dev)
struct nullb *nullb; struct nullb *nullb;
int rv; int rv;
null_validate_conf(dev); rv = null_validate_conf(dev);
if (rv)
return rv;
nullb = kzalloc_node(sizeof(*nullb), GFP_KERNEL, dev->home_node); nullb = kzalloc_node(sizeof(*nullb), GFP_KERNEL, dev->home_node);
if (!nullb) { if (!nullb) {
@ -1769,11 +1779,6 @@ static int __init null_init(void)
g_bs = PAGE_SIZE; g_bs = PAGE_SIZE;
} }
if (!is_power_of_2(g_zone_size)) {
pr_err("zone_size must be power-of-two\n");
return -EINVAL;
}
if (g_home_node != NUMA_NO_NODE && g_home_node >= nr_online_nodes) { if (g_home_node != NUMA_NO_NODE && g_home_node >= nr_online_nodes) {
pr_err("invalid home_node value\n"); pr_err("invalid home_node value\n");
g_home_node = NUMA_NO_NODE; g_home_node = NUMA_NO_NODE;
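Review bot: The block size handling at the top of null_validate_conf() still only rounds and clamps (`round_down(dev->blocksize, 512)` then `clamp_t(unsigned int, dev->blocksize, 512, 4096)`), so a value such as 1536 is accepted as a non-power-of-two block size even though the function can now reject bad configuration. Since it returns int and null_add_dev() propagates the result, block size could be rejected the same way as zone_size, e.g. `if (!is_power_of_2(dev->blocksize)) return -EINVAL;` right after the clamp. The commit message cites CVE-2024-41077, which as far as I can tell concerns block size validation rather than zone size, so it is worth confirming that the block size check lands elsewhere in this backport series. The middle of null_validate_conf() lies outside the visible hunks, so an existing check there cannot be ruled out.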