[SeaBIOS] [PATCH] virtio-blk: Fix integer overflow for large max IO sizes

Lukas Stockner via SeaBIOS posted 1 patch 11 months ago
git fetch https://github.com/patchew-project/seabios tags/patchew/20230606132952.2820557-1-lstockner@genesiscloud.com
Posted by Lukas Stockner via SeaBIOS 11 months ago
When the maximum IO size supported by the virtio-blk backend is large
enough (>= 32MiB for 512B sectors), the computed blk_num_max will
overflow. In particular, if it's a multiple of 32MiB, blk_num_max
will end up as zero, causing IO requests to fail.

This is triggered by e.g. the SPDK virtio-blk vhost-user backend.

To fix it, just limit blk_num_max to 65535 before converting to u16.

Signed-off-by: Lukas Stockner <lstockner@genesiscloud.com>
---
 src/hw/virtio-blk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hw/virtio-blk.c b/src/hw/virtio-blk.c
index e087fe4..137a2c3 100644
--- a/src/hw/virtio-blk.c
+++ b/src/hw/virtio-blk.c
@@ -92,7 +92,7 @@ virtio_blk_op(struct disk_op_s *op, int write)
     u16 blk_num_max;
 
     if (vdrive->drive.blksize != 0 && max_io_size != 0)
-        blk_num_max = (u16)(max_io_size / vdrive->drive.blksize);
+        blk_num_max = (u16) min(max_io_size / vdrive->drive.blksize, 0xffff);
     else
         /* default blk_num_max if hardware doesnot advise a proper value */
         blk_num_max = 64;
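Review bot: the clamp removes the wrap-around, but the guard on the line above still lets blk_num_max come out as 0 when max_io_size is non-zero yet smaller than vdrive->drive.blksize, since the quotient is then 0 and the later request splitting would see a zero limit. Consider treating a zero quotient like the "no proper value" case, e.g. `if (blk_num_max == 0) blk_num_max = 64;` after the if/else, and while touching this block fix the "doesnot" typo in the context comment. The commit message could also name the type of max_io_size so a reader sees that 0xffff is the right saturation point for the u16 target.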
-- 
2.41.0

_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org
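Added example, not code from the patch or from SeaBIOS, reproducing the narrowing-cast wrap the commit message describes and the saturating clamp the patch applies; the u32 type for max_io_size and blksize and the local min_u32() standing in for SeaBIOS's min() are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint16_t u16;
typedef uint32_t u32;

/* Stand-in for SeaBIOS's min() macro (assumption about its semantics). */
static u32 min_u32(u32 a, u32 b) { return a < b ? a : b; }

/* Pre-patch computation: the (u16) cast silently reduces the quotient
 * modulo 65536, so any max_io_size that is a multiple of 32 MiB (with
 * 512-byte sectors) yields 0 and larger sizes yield a small, wrong limit. */
static u16 blk_num_max_old(u32 max_io_size, u32 blksize)
{
    if (blksize != 0 && max_io_size != 0)
        return (u16)(max_io_size / blksize);
    return 64; /* default when the device does not advertise a limit */
}

/* Patched computation: clamp to 0xffff before narrowing, so the value
 * saturates at the largest u16 instead of wrapping. Note the residual
 * edge case: a max_io_size smaller than blksize still produces 0. */
static u16 blk_num_max_new(u32 max_io_size, u32 blksize)
{
    if (blksize != 0 && max_io_size != 0)
        return (u16)min_u32(max_io_size / blksize, 0xffff);
    return 64;
}

int main(void)
{
    /* Constructed sample backend limits, in bytes, for 512-byte sectors. */
    const u32 sizes[] = { 16u << 20, 32u << 20, (32u << 20) + 512, 64u << 20 };
    for (unsigned i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("max_io_size=%10u  old=%5u  new=%5u\n", sizes[i],
               blk_num_max_old(sizes[i], 512), blk_num_max_new(sizes[i], 512));
    return 0;
}
```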
[SeaBIOS] Re: [PATCH] virtio-blk: Fix integer overflow for large max IO sizes
Posted by Kevin O'Connor 10 months, 3 weeks ago
On Tue, Jun 06, 2023 at 03:29:52PM +0200, Lukas Stockner via SeaBIOS wrote:
> When the maximum IO size supported by the virtio-blk backend is large
> enough (>= 32MiB for 512B sectors), the computed blk_num_max will
> overflow. In particular, if it's a multiple of 32MiB, blk_num_max
> will end up as zero, causing IO requests to fail.
> 
> This is triggered by e.g. the SPDK virtio-blk vhost-user backend.
> 
> To fix it, just limit blk_num_max to 65535 before converting to u16.

Thanks.  I committed this change.

-Kevin