Legacy virtio pci has no way to communicate a change in vq size to the hypervisor. If ring sizes don't match hypervisor will happily corrupt memory. We add a check to vring size before calling vp_legacy_set_queue_address(). Checking the memory range directly is a bit cumbersome. Signed-off-by: Xuan Zhuo <xuanzhuo@xxxxxxxxxxxxxxxxx> --- v2: replace BUG_ON with WARN_ON_ONCE. @Linus drivers/virtio/virtio_pci_legacy.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c index 2257f1b3d8ae..091e73d74e94 100644 --- a/drivers/virtio/virtio_pci_legacy.c +++ b/drivers/virtio/virtio_pci_legacy.c @@ -146,6 +146,15 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev, goto out_del_vq; } + /* Legacy virtio pci has no way to communicate a change in vq size to + * the hypervisor. If ring sizes don't match hypervisor will happily + * corrupt memory. + */ + if (WARN_ON_ONCE(num != virtqueue_get_vring_size(vq))) { + err = -EPERM; + goto out_del_vq; + } + /* activate the queue */ vp_legacy_set_queue_address(&vp_dev->ldev, index, q_pfn); -- 2.31.0 _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
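Review bot: -EPERM is a surprising errno for the new `err = -EPERM;` in the size-mismatch branch; the condition is an invariant violation in the guest's own ring setup (the vring ended up with a different entry count than the `num` the device advertised), not a permission problem, so -EINVAL would be the conventional choice and is what a caller tracing a failed probe would expect. The placement is right, since the check sits before `vp_legacy_set_queue_address(&vp_dev->ldev, index, q_pfn);` so the device is never told a PFN for a ring of the wrong size, but with WARN_ON_ONCE only the first mismatch leaves a trace; consider a dev_err() (or at least dev_warn()) in that branch printing `num` and `virtqueue_get_vring_size(vq)` so later occurrences on other queues or devices are diagnosable from the log rather than just failing with the same errno.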
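The commit message states that a mismatched ring size lets the hypervisor corrupt guest memory but does not show why. The reason is the fixed legacy ring layout: the device derives the avail and used ring offsets from the PFN the guest programs and from its own idea of the queue size, with the used ring page-aligned, so if the guest allocated a ring with fewer entries than the device's queue size, the device's used-ring writes land past the guest's allocation. The following model, which is an added example and not part of the patch or of drivers/virtio, computes the legacy layout with the vring_size() formula from linux/virtio_ring.h (16-byte descriptors, 8-byte used elements, 2-byte __virtio16 fields, 4096-byte alignment), mirrors the patch's equality check (returning -EINVAL rather than the patch's -EPERM, an assumption of this example), and reports how many bytes the device would write outside the guest's ring for a given pair of sizes. All sizes are constructed inputs.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed on-ring sizes of the legacy virtio ring layout (linux/virtio_ring.h). */
#define VRING_DESC_SIZE       16u   /* sizeof(struct vring_desc) */
#define VRING_USED_ELEM_SIZE   8u   /* sizeof(struct vring_used_elem) */
#define VIRTIO16_SIZE          2u   /* sizeof(__virtio16) */
#define LEGACY_VRING_ALIGN  4096u   /* legacy interface: used ring starts page aligned */

static unsigned align_up(unsigned v, unsigned a)
{
    return (v + a - 1) & ~(a - 1);
}

/* Byte offset of the used ring from the start of a ring with num entries:
 * desc[num], then avail { flags, idx, ring[num], used_event }, padded to the page. */
static unsigned legacy_used_offset(unsigned num)
{
    return align_up(VRING_DESC_SIZE * num + VIRTIO16_SIZE * (3 + num),
                    LEGACY_VRING_ALIGN);
}

/* Total bytes of a legacy ring with num entries (the vring_size() formula):
 * used ring is { flags, idx, ring[num], avail_event }. */
static unsigned legacy_vring_size(unsigned num)
{
    return legacy_used_offset(num) + VIRTIO16_SIZE * 3 + VRING_USED_ELEM_SIZE * num;
}

/* Same invariant as the patch: the ring the guest built must have exactly the
 * entry count the device advertised, because legacy PCI cannot tell the device
 * otherwise. Example uses -EINVAL; the patch returns -EPERM. */
static int check_legacy_ring_size(unsigned device_num, unsigned guest_num)
{
    return device_num == guest_num ? 0 : -EINVAL;
}

/* Bytes beyond the end of the guest's allocation that the device would touch when
 * it lays out the used ring for device_num entries while the guest only allocated
 * guest_num entries starting at the programmed PFN. 0 means the device stays inside. */
static unsigned used_ring_overrun(unsigned device_num, unsigned guest_num)
{
    unsigned guest_alloc     = legacy_vring_size(guest_num);
    unsigned device_used_end = legacy_vring_size(device_num);
    return device_used_end > guest_alloc ? device_used_end - guest_alloc : 0;
}

int main(void)
{
    /* Constructed pairs: (device queue size, entries the guest actually allocated). */
    const unsigned pairs[][2] = { {256, 256}, {256, 128}, {1024, 256} };
    for (unsigned i = 0; i < sizeof(pairs) / sizeof(pairs[0]); i++) {
        unsigned dev = pairs[i][0], guest = pairs[i][1];
        printf("device=%u guest=%u guest_alloc=%u device_used@%u..%u check=%d overrun=%u\n",
               dev, guest, legacy_vring_size(guest),
               legacy_used_offset(dev), legacy_vring_size(dev),
               check_legacy_ring_size(dev, guest), used_ring_overrun(dev, guest));
    }
    return 0;
}
```

For device=256, guest=128 the guest's ring is 5126 bytes long but the device places the used ring at offset 8192, so every used-ring write lands outside the allocation; that is the memory corruption the patch's check refuses to set up.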