diff options
| author | Lukas Stockner via SeaBIOS <seabios@seabios.org> | 2023-06-06 15:29:52 +0200 |
|---|---|---|
| committer | Kevin O'Connor <kevin@koconnor.net> | 2023-06-13 11:11:25 -0400 |
| commit | cd933454b5e3e1f86379a44b5ae1852c2a01a485 (patch) | |
| tree | 52fbf10344dd3366213eaea5311f7e1d3e984f39 | |
| parent | 4db444b9a78abf9f6dc981f0e79db749765dc6e8 (diff) | |
| download | seabios-cd933454b5e3e1f86379a44b5ae1852c2a01a485.zip seabios-cd933454b5e3e1f86379a44b5ae1852c2a01a485.tar.gz seabios-cd933454b5e3e1f86379a44b5ae1852c2a01a485.tar.bz2 | |
virtio-blk: Fix integer overflow for large max IO sizes
When the maximum IO size supported by the virtio-blk backend is large
enough (>= 32MiB for 512B sectors), the computed blk_num_max will
overflow. In particular, if it's a multiple of 32MiB, blk_num_max
will end up as zero, causing IO requests to fail.
This is triggered by e.g. the SPDK virtio-blk vhost-user backend.
To fix it, just limit blk_num_max to 65535 before converting to u16.
Signed-off-by: Lukas Stockner <lstockner@genesiscloud.com>
| -rw-r--r-- | src/hw/virtio-blk.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/hw/virtio-blk.c b/src/hw/virtio-blk.c index e087fe4..137a2c3 100644 --- a/src/hw/virtio-blk.c +++ b/src/hw/virtio-blk.c @@ -92,7 +92,7 @@ virtio_blk_op(struct disk_op_s *op, int write) u16 blk_num_max; if (vdrive->drive.blksize != 0 && max_io_size != 0) - blk_num_max = (u16)(max_io_size / vdrive->drive.blksize); + blk_num_max = (u16) min(max_io_size / vdrive->drive.blksize, 0xffff); else /* default blk_num_max if hardware doesnot advise a proper value */ blk_num_max = 64; |