[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL v2 36/38] hw/block/nvme: support namespace attachment command
|
From: |
Klaus Jensen |
|
Subject: |
Re: [PULL v2 36/38] hw/block/nvme: support namespace attachment command |
|
Date: |
Fri, 12 Mar 2021 16:10:01 +0100 |
On Mar 12 13:12, Peter Maydell wrote:
> On Tue, 9 Mar 2021 at 11:46, Klaus Jensen <its@irrelevant.dk> wrote:
> >
> > From: Minwoo Im <minwoo.im.dev@gmail.com>
> >
> > This patch supports Namespace Attachment command for the pre-defined
> > nvme-ns device nodes. Of course, attach/detach namespace should only be
> > supported in case 'subsys' is given. This is because if we detach a
> > namespace from a controller, somebody needs to manage the detached, but
> > allocated namespace in the NVMe subsystem.
> >
> > As command effect for the namespace attachment command is registered,
> > the host will be notified that namespace inventory is changed so that
> > host will rescan the namespace inventory after this command. For
> > example, kernel driver manages this command effect via passthru IOCTL.
>
> > diff --git a/hw/block/nvme.h b/hw/block/nvme.h
> > index 85a7b5a14f4e..1287bc2cd17a 100644
> > --- a/hw/block/nvme.h
> > +++ b/hw/block/nvme.h
> > @@ -235,6 +235,11 @@ static inline void nvme_ns_attach(NvmeCtrl *n,
> > NvmeNamespace *ns)
> > n->namespaces[nvme_nsid(ns) - 1] = ns;
> > }
> >
> > +static inline void nvme_ns_detach(NvmeCtrl *n, NvmeNamespace *ns)
> > +{
> > + n->namespaces[nvme_nsid(ns) - 1] = NULL;
> > +}
>
> Hi; Coverity complains about a possible array overflow both here
> in nvme_ns_detach() (CID 1450757) and in nvme_ns_attach() (CID 1450758):
> nvme_nsid() can return -1, but this code does not check for that.
>
> If these functions both assume that their ns argument is non-NULL,
> then adding an "assert(ns)" would probably placate Coverity and also
> would mean that any bugs elsewhere resulting in accidentally passing
> a NULL pointer would result in a clean assertion failure rather than
> memory corruption. (Or you could directly assert that the array index
> is in-bounds, I guess.)
>
Hi Peter,
Thanks!
As far as I can tell, we never reach this without nsid being a valid
value or ns being NULL, but as you say, future misuse would be bad. I
will post a fix to make sure such misuse does not happen in the future.
signature.asc
Description: PGP signature
- [PULL v2 24/38] hw/block/nvme: report non-mdts command size limit for dsm, (continued)
- [PULL v2 24/38] hw/block/nvme: report non-mdts command size limit for dsm, Klaus Jensen, 2021/03/09
- [PULL v2 23/38] hw/block/nvme: add trace event for zone read check, Klaus Jensen, 2021/03/09
- [PULL v2 26/38] hw/block/nvme: remove block accounting for write zeroes, Klaus Jensen, 2021/03/09
- [PULL v2 25/38] hw/block/nvme: remove redundant len member in compare context, Klaus Jensen, 2021/03/09
- [PULL v2 31/38] hw/block/nvme: support namespace detach, Klaus Jensen, 2021/03/09
- [PULL v2 27/38] hw/block/nvme: fix strerror printing, Klaus Jensen, 2021/03/09
- [PULL v2 35/38] hw/block/nvme: refactor nvme_select_ns_iocs, Klaus Jensen, 2021/03/09
- [PULL v2 32/38] hw/block/nvme: fix namespaces array to 1-based, Klaus Jensen, 2021/03/09
- [PULL v2 36/38] hw/block/nvme: support namespace attachment command, Klaus Jensen, 2021/03/09
- [PULL v2 37/38] hw/block/nvme: support changed namespace asynchronous event, Klaus Jensen, 2021/03/09
- [PULL v2 38/38] hw/block/nvme: support Identify NS Attached Controller List, Klaus Jensen, 2021/03/09
- [PULL v2 33/38] hw/block/nvme: fix allocated namespace list to 256, Klaus Jensen, 2021/03/09
- [PULL v2 34/38] hw/block/nvme: support allocated namespace type, Klaus Jensen, 2021/03/09
- Re: [PULL v2 00/38] emulated nvme device updates, Peter Maydell, 2021/03/11