Re: [PATCH] block: ublk: extending queue_size to fix overflow

From: Jens Axboe
Date: Tue Jan 31 2023 - 10:00:50 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 6.1 12/20] ACPI: video: Add backlight=native DMI quirk for HP Pavilion g6-1d80nr"
Previous message: Sasha Levin: "[PATCH AUTOSEL 6.1 11/20] x86/build: Move '-mindirect-branch-cs-prefix' out of GCC-only block"
In reply to: Ming Lei: "Re: [PATCH] block: ublk: extending queue_size to fix overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 31 Jan 2023 02:05:52 -0500, Liu Xiaodong wrote:
> When validating drafted SPDK ublk target, in a case that
> assigning large queue depth to multiqueue ublk device,
> ublk target would run into a weird incorrect state. During
> rounds of review and debug, An overflow bug was found
> in ublk driver.
>
> In ublk_cmd.h, UBLK_MAX_QUEUE_DEPTH is 4096 which means
> each ublk queue depth can be set as large as 4096. But
> when setting qd for a ublk device,
> sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io)
> will be larger than 65535 if qd is larger than 2728.
> Then queue_size is overflowed, and ublk_get_queue()
> references a wrong pointer position. The wrong content of
> ublk_queue elements will lead to out-of-bounds memory
> access.
>
> [...]

Applied, thanks!

[1/1] block: ublk: extending queue_size to fix overflow
commit: 29baef789c838bd5c02f50c88adbbc6b955aaf61

Best regards,
--
Jens Axboe

Next message: Sasha Levin: "[PATCH AUTOSEL 6.1 12/20] ACPI: video: Add backlight=native DMI quirk for HP Pavilion g6-1d80nr"
Previous message: Sasha Levin: "[PATCH AUTOSEL 6.1 11/20] x86/build: Move '-mindirect-branch-cs-prefix' out of GCC-only block"
In reply to: Ming Lei: "Re: [PATCH] block: ublk: extending queue_size to fix overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]