virtio_pmem: Check device status before requesting flush

Upstream commit: e25fbcd97cf52c3c9824d44b5c56c19673c3dd50 CVE ID: CVE-2024-50184 [1] If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status check in the beginning of virtio_pmem_flush() to return early if the device is not activated. Link: https://tapd.woa.com/tapd_fe/69992352/bug/detail/1069992352134342997 [1] Signed-off-by: Philip Chen <philipchen@chromium.org> Message-Id: <20240826215313.2673566-1-philipchen@chromium.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
2024-08-26 21:53:13 +00:00 · 2024-08-26 21:53:13 +00:00 · 97a094893c
parent 378ca0b9e6
commit 97a094893c
1 changed files with 9 additions and 0 deletions
--- a/drivers/nvdimm/nd_virtio.c
+++ b/drivers/nvdimm/nd_virtio.c
@ -44,6 +44,15 @@ static int virtio_pmem_flush(struct nd_region *nd_region)
 	unsigned long flags;
 	int err, err1;

+	/*
+	 * Don't bother to submit the request to the device if the device is
+	 * not activated.
+	 */
+	if (vdev->config->get_status(vdev) & VIRTIO_CONFIG_S_NEEDS_RESET) {
+		dev_info(&vdev->dev, "virtio pmem device needs a reset\n");
+		return -EIO;
+	}
+
 	might_sleep();
 	req_data = kmalloc(sizeof(*req_data), GFP_KERNEL);
 	if (!req_data)