On Mon, May 17, 2021 at 5:56 PM Xie Yongji <xieyongji@xxxxxxxxxxxxx> wrote: > > This ensures that we will not use an invalid block size > in config space (might come from an untrusted device). > > Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx> > --- > drivers/block/virtio_blk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c > index ebb4d3fe803f..c848aa36d49b 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -826,7 +826,7 @@ static int virtblk_probe(struct virtio_device *vdev) > err = virtio_cread_feature(vdev, VIRTIO_BLK_F_BLK_SIZE, > struct virtio_blk_config, blk_size, > &blk_size); > - if (!err) > + if (!err && blk_size > 0 && blk_size <= max_size) The check here is incorrect. I will use PAGE_SIZE as the maximum boundary in the new version. Thanks, Yongji
