[PULL 20/30] hw/block/nvme: fix log page offset check

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 20/30] hw/block/nvme: fix log page offset check

From:	Klaus Jensen
Subject:	[PULL 20/30] hw/block/nvme: fix log page offset check
Date:	Tue, 27 Oct 2020 11:49:22 +0100

From: Keith Busch <kbusch@kernel.org>

Return error if the requested offset starts after the size of the log
being returned. Also, move the check for earlier in the function so
we're not doing unnecessary calculations.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed- by: Dmitry Fomichev <dmitry.fomichev@wdc.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
 hw/block/nvme.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index a168f0bf4adb..aa725d1141b2 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1179,6 +1179,10 @@ static uint16_t nvme_smart_info(NvmeCtrl *n, uint8_t 
rae, uint32_t buf_len,
         return NVME_INVALID_FIELD | NVME_DNR;
     }
 
+    if (off >= sizeof(smart)) {
+        return NVME_INVALID_FIELD | NVME_DNR;
+    }
+
     for (int i = 1; i <= n->num_namespaces; i++) {
         NvmeNamespace *ns = nvme_ns(n, i);
         if (!ns) {
@@ -1193,10 +1197,6 @@ static uint16_t nvme_smart_info(NvmeCtrl *n, uint8_t 
rae, uint32_t buf_len,
         write_commands += s->nr_ops[BLOCK_ACCT_WRITE];
     }
 
-    if (off > sizeof(smart)) {
-        return NVME_INVALID_FIELD | NVME_DNR;
-    }
-
     trans_len = MIN(sizeof(smart) - off, buf_len);
 
     memset(&smart, 0x0, sizeof(smart));
@@ -1234,12 +1234,11 @@ static uint16_t nvme_fw_log_info(NvmeCtrl *n, uint32_t 
buf_len, uint64_t off,
         .afi = 0x1,
     };
 
-    strpadcpy((char *)&fw_log.frs1, sizeof(fw_log.frs1), "1.0", ' ');
-
-    if (off > sizeof(fw_log)) {
+    if (off >= sizeof(fw_log)) {
         return NVME_INVALID_FIELD | NVME_DNR;
     }
 
+    strpadcpy((char *)&fw_log.frs1, sizeof(fw_log.frs1), "1.0", ' ');
     trans_len = MIN(sizeof(fw_log) - off, buf_len);
 
     return nvme_dma(n, (uint8_t *) &fw_log + off, trans_len,
@@ -1252,16 +1251,15 @@ static uint16_t nvme_error_info(NvmeCtrl *n, uint8_t 
rae, uint32_t buf_len,
     uint32_t trans_len;
     NvmeErrorLog errlog;
 
+    if (off >= sizeof(errlog)) {
+        return NVME_INVALID_FIELD | NVME_DNR;
+    }
+
     if (!rae) {
         nvme_clear_events(n, NVME_AER_TYPE_ERROR);
     }
 
-    if (off > sizeof(errlog)) {
-        return NVME_INVALID_FIELD | NVME_DNR;
-    }
-
     memset(&errlog, 0x0, sizeof(errlog));
-
     trans_len = MIN(sizeof(errlog) - off, buf_len);
 
     return nvme_dma(n, (uint8_t *)&errlog, trans_len,
-- 
2.29.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 10/30] hw/block/nvme: default request status to success, (continued)
- [PULL 10/30] hw/block/nvme: default request status to success, Klaus Jensen, 2020/10/27
- [PULL 13/30] hw/block/nvme: add support for sgl bit bucket descriptor, Klaus Jensen, 2020/10/27
- [PULL 14/30] hw/block/nvme: refactor identify active namespace id list, Klaus Jensen, 2020/10/27
- [PULL 12/30] hw/block/nvme: add support for scatter gather lists, Klaus Jensen, 2020/10/27
- [PULL 16/30] pci: allocate pci id for nvme, Klaus Jensen, 2020/10/27
- [PULL 15/30] hw/block/nvme: support multiple namespaces, Klaus Jensen, 2020/10/27
- [PULL 18/30] hw/block/nvme: update nsid when registered, Klaus Jensen, 2020/10/27
- [PULL 17/30] hw/block/nvme: change controller pci id, Klaus Jensen, 2020/10/27
- [PULL 19/30] hw/block/nvme: remove pointless rw indirection, Klaus Jensen, 2020/10/27
- [PULL 21/30] hw/block/nvme: support per-namespace smart log, Klaus Jensen, 2020/10/27
- [PULL 20/30] hw/block/nvme: fix log page offset check, Klaus Jensen <=
- [PULL 23/30] hw/block/nvme: support for admin-only command set, Klaus Jensen, 2020/10/27
- [PULL 26/30] hw/block/nvme: add trace event for requests with non-zero status code, Klaus Jensen, 2020/10/27
- [PULL 24/30] hw/block/nvme: reject io commands if only admin command set selected, Klaus Jensen, 2020/10/27
- [PULL 28/30] hw/block/nvme: fix prp mapping status codes, Klaus Jensen, 2020/10/27
- [PULL 29/30] hw/block/nvme: fix create IO SQ/CQ status codes, Klaus Jensen, 2020/10/27
- [PULL 27/30] hw/block/nvme: report actual LBA data shift in LBAF, Klaus Jensen, 2020/10/27
- [PULL 22/30] hw/block/nvme: validate command set selected, Klaus Jensen, 2020/10/27
- [PULL 25/30] hw/block/nvme: add nsid to get/setfeat trace events, Klaus Jensen, 2020/10/27
- [PULL 30/30] hw/block/nvme: fix queue identifer validation, Klaus Jensen, 2020/10/27
- Re: [PULL 00/30] nvme emulation patches for 5.2, Peter Maydell, 2020/10/29

Prev by Date: [PULL 21/30] hw/block/nvme: support per-namespace smart log
Next by Date: [PULL 23/30] hw/block/nvme: support for admin-only command set
Previous by thread: [PULL 21/30] hw/block/nvme: support per-namespace smart log
Next by thread: [PULL 23/30] hw/block/nvme: support for admin-only command set
Index(es):
- Date
- Thread