[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.3 19/87] hw/nvme: fix invalid check on mcl
|
From: |
Michael Tokarev |
|
Subject: |
[Stable-8.2.3 19/87] hw/nvme: fix invalid check on mcl |
|
Date: |
Wed, 10 Apr 2024 10:21:52 +0300 |
From: Klaus Jensen <k.jensen@samsung.com>
The number of logical blocks within a source range is converted into a
1s based number at the time of parsing. However, when verifying the copy
length we add one again, causing the check against MCL to fail in error.
Cc: qemu-stable@nongnu.org
Fixes: 381ab99d8587 ("hw/nvme: check maximum copy length (MCL) for COPY")
Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 8c78015a55d84c016da6d5e41b6b5f618ecb25ab)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index 94ef639457..abc0387f2c 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -2855,7 +2855,7 @@ static inline uint16_t nvme_check_copy_mcl(NvmeNamespace
*ns,
uint32_t nlb;
nvme_copy_source_range_parse(iocb->ranges, idx, iocb->format, NULL,
&nlb, NULL, NULL, NULL);
- copy_len += nlb + 1;
+ copy_len += nlb;
}
if (copy_len > ns->id_ns.mcl) {
--
2.39.2
- [Stable-8.2.3 06/87] ui/cocoa: Fix window clipping on macOS 14, (continued)
- [Stable-8.2.3 06/87] ui/cocoa: Fix window clipping on macOS 14, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 07/87] target/arm: Fix 32-bit SMOPA, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 09/87] system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add(), Michael Tokarev, 2024/04/10
- [Stable-8.2.3 10/87] hw/scsi/lsi53c895a: stop script on phase mismatch, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 11/87] hw/scsi/lsi53c895a: add timer to scripts processing, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 13/87] migration/rdma: Fix a memory issue for migration, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 15/87] e1000e: fix link state on resume, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 12/87] make-release: switch to .xz format by default, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 14/87] igb: fix link state on resume, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 16/87] Avoid unaligned fetch in ladr_match(), Michael Tokarev, 2024/04/10
- [Stable-8.2.3 19/87] hw/nvme: fix invalid check on mcl,
Michael Tokarev <=
- [Stable-8.2.3 17/87] xen: Drop out of coroutine context xen_invalidate_map_cache_entry, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 20/87] hw/nvme: generalize the mbar size helper, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 18/87] hw/nvme: separate 'serial' property for VFs, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 22/87] hw/nvme: Use pcie_sriov_num_vfs(), Michael Tokarev, 2024/04/10
- [Stable-8.2.3 25/87] hw/audio/virtio-sound: return correct command response size, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 21/87] hw/nvme: add machine compatibility parameter to enable msix exclusive bar, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 23/87] pcie_sriov: Validate NumVFs, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 24/87] hmat acpi: Fix out of bounds access due to missing use of indirection, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 26/87] migration: Skip only empty block devices, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 30/87] nbd/server: Fix race in draining the export, Michael Tokarev, 2024/04/10