
Commit 553768d

lxbszaxboe
authored andcommitted
nbd: fix crash when the blksize is zero
This will allow the blksize to be set zero and then use 1024 as default. Reviewed-by: Josef Bacik <[email protected]> Signed-off-by: Xiubo Li <[email protected]> [fix to use goto out instead of return in genl_connect] Signed-off-by: Mike Christie <[email protected]> Signed-off-by: Jens Axboe <[email protected]>
1 parent b49773e commit 553768d

1 file changed

+20
-3
lines changed

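--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -134,6 +134,8 @@ static struct dentry *nbd_dbg_dir;
 
 #define NBD_MAGIC 0x68797548
 
+#define NBD_DEF_BLKSIZE 1024
+
 static unsigned int nbds_max = 16;
 static int max_part = 16;
 static struct workqueue_struct *recv_workqueue;
@@ -1236,6 +1238,14 @@ static void nbd_clear_sock_ioctl(struct nbd_device *nbd,
 nbd_config_put(nbd);
 }
 
+static bool nbd_is_valid_blksize(unsigned long blksize)
+{
+if (!blksize || !is_power_of_2(blksize) || blksize < 512 ||
+blksize > PAGE_SIZE)
+return false;
+return true;
+}
+
 /* Must be called with config_lock held */
 static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
 unsigned int cmd, unsigned long arg)
@@ -1251,8 +1261,9 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
 case NBD_SET_SOCK:
 return nbd_add_socket(nbd, arg, false);
 case NBD_SET_BLKSIZE:
-if (!arg || !is_power_of_2(arg) || arg < 512 ||
-arg > PAGE_SIZE)
+if (!arg)
+arg = NBD_DEF_BLKSIZE;
+if (!nbd_is_valid_blksize(arg))
 return -EINVAL;
 nbd_size_set(nbd, arg,
 div_s64(config->bytesize, arg));
@@ -1332,7 +1343,7 @@ static struct nbd_config *nbd_alloc_config(void)
 atomic_set(&config->recv_threads, 0);
 init_waitqueue_head(&config->recv_wq);
 init_waitqueue_head(&config->conn_wait);
-config->blksize = 1024;
+config->blksize = NBD_DEF_BLKSIZE;
 atomic_set(&config->live_connections, 0);
 try_module_get(THIS_MODULE);
 return config;
@@ -1768,6 +1779,12 @@ static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
 if (info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES]) {
 u64 bsize =
 nla_get_u64(info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES]);
+if (!bsize)
+bsize = NBD_DEF_BLKSIZE;
+if (!nbd_is_valid_blksize(bsize)) {
+ret = -EINVAL;
+goto out;
+}
 nbd_size_set(nbd, bsize, div64_u64(config->bytesize, bsize));
 }
 if (info->attrs[NBD_ATTR_TIMEOUT]) {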
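Review bot: `nbd_is_valid_blksize()` takes `unsigned long`, but the netlink path in `nbd_genl_connect` passes a `u64 bsize`, so on a 32-bit build the value would be truncated before the range check while the untruncated `bsize` is what reaches `nbd_size_set()` and `div64_u64()`; a value whose low 32 bits look like a valid size could then pass validation. Taking the full width and testing the range before the power-of-two check would close this: `static bool nbd_is_valid_blksize(u64 blksize)` with `if (blksize < 512 || blksize > PAGE_SIZE || !is_power_of_2(blksize))`, which also makes the separate `!blksize` test unnecessary. `nbd_genl_connect` begins and ends outside the hunk, so what the `out:` label unwinds and how `nbd_size_set()` types its block-size parameter should be confirmed there. A one-line comment on the helper such as `/* Block size must be a power of two in [512, PAGE_SIZE]; callers map 0 to NBD_DEF_BLKSIZE first. */` would document the contract both entry points now rely on.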
