[PATCH v4 1/4] vduse: validate block features only with block devices
Maxime Coquelin
maxime.coquelin at redhat.com
Mon Oct 23 07:35:24 UTC 2023
On 10/21/23 00:07, Casey Schaufler wrote:
> On 10/20/2023 8:58 AM, Maxime Coquelin wrote:
>> This patch is preliminary work to enable network device
>> type support to VDUSE.
>>
>> As VIRTIO_BLK_F_CONFIG_WCE shares the same value as
>> VIRTIO_NET_F_HOST_TSO4, we need to restrict its check
>> to Virtio-blk device type.
>>
>> Acked-by: Jason Wang <jasowang at redhat.com>
>> Reviewed-by: Xie Yongji <xieyongji at bytedance.com>
>> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
>> ---
>> drivers/vdpa/vdpa_user/vduse_dev.c | 9 +++++----
>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vduse_dev.c
>> index df7869537ef1..5b3879976b3d 100644
>> --- a/drivers/vdpa/vdpa_user/vduse_dev.c
>> +++ b/drivers/vdpa/vdpa_user/vduse_dev.c
>> @@ -1662,13 +1662,14 @@ static bool device_is_allowed(u32 device_id)
>> return false;
>> }
>>
>> -static bool features_is_valid(u64 features)
>> +static bool features_is_valid(struct vduse_dev_config *config)
>
> This should either be features_are_valid() or feature_is_valid().
> Correct pluralization is important in the English language.
Indeed, I will change to features_are_valid() in next revision.
Thanks,
Maxime
>> {
>> - if (!(features & (1ULL << VIRTIO_F_ACCESS_PLATFORM)))
>> + if (!(config->features & (1ULL << VIRTIO_F_ACCESS_PLATFORM)))
>> return false;
>>
>> /* Now we only support read-only configuration space */
>> - if (features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE))
>> + if ((config->device_id == VIRTIO_ID_BLOCK) &&
>> + (config->features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE)))
>> return false;
>>
>> return true;
>> @@ -1695,7 +1696,7 @@ static bool vduse_validate_config(struct vduse_dev_config *config)
>> if (!device_is_allowed(config->device_id))
>> return false;
>>
>> - if (!features_is_valid(config->features))
>> + if (!features_is_valid(config))
>> return false;
>>
>> return true;
>
More information about the Linux-security-module-archive
mailing list