From: Dmitry Fomichev <dmitry.fomichev@wdc.com>
To: "Klaus Jensen" <k.jensen@samsung.com>,
	"Keith Busch" <kbusch@kernel.org>,
	"Kevin Wolf" <kwolf@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"Max Reitz" <mreitz@redhat.com>,
	qemu-devel@nongnu.org
Cc: Dmitry Fomichev <dmitry.fomichev@wdc.com>,
	Niklas Cassel <niklas.cassel@wdc.com>,
	Damien Le Moal <damien.lemoal@wdc.com>,
	qemu-block@nongnu.org
Subject: [PATCH 1/3] hw/block/nvme: Check for zone boundary during append
Date: Tue, 26 Jan 2021 14:02:46 +0900
Message-ID: <20210126050248.9077-2-dmitry.fomichev@wdc.com>
In-Reply-To: <20210126050248.9077-1-dmitry.fomichev@wdc.com>

It is observed that with the existing code it is possible to keep
appending to a zone indefinitely. To fix, add the missing check to
verify that the zone append is not going to write beyond zone capacity.

Reported-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Dmitry Fomichev <dmitry.fomichev@wdc.com>
---
 hw/block/nvme.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index f64676a930..67538010ef 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1135,9 +1135,10 @@ static uint16_t nvme_check_zone_write(NvmeCtrl *n, NvmeNamespace *ns,
                                       NvmeZone *zone, uint64_t slba,
                                       uint32_t nlb, bool append)
 {
+    uint64_t bndry = nvme_zone_wr_boundary(zone);
     uint16_t status;
 
-    if (unlikely((slba + nlb) > nvme_zone_wr_boundary(zone))) {
+    if (unlikely(slba + nlb > bndry)) {
         status = NVME_ZONE_BOUNDARY_ERROR;
     } else {
         status = nvme_check_zone_state_for_write(zone);
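Review bot: the first check, `slba + nlb > bndry`, still runs for appends even though the function receives `bool append`, and for an append it is measured from the caller-supplied `slba` rather than from the write pointer, so it does not detect an append that would cross the boundary from the zone's current position. Consider making this branch explicit about the non-append case (for example by testing `!append` here) or adding a comment that appends are bounded separately against `zone->w_ptr`. The sum of the 64-bit `slba` and `nlb` also depends on `slba` having been range-checked before this function is called, which is not visible in this hunk; a short comment stating that precondition would help the next reader.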
@@ -1151,8 +1152,9 @@ static uint16_t nvme_check_zone_write(NvmeCtrl *n, NvmeNamespace *ns,
             if (unlikely(slba != zone->d.zslba)) {
                 trace_pci_nvme_err_append_not_at_start(slba, zone->d.zslba);
                 status = NVME_INVALID_FIELD;
-            }
-            if (nvme_l2b(ns, nlb) > (n->page_size << n->zasl)) {
+            } else if (unlikely(zone->w_ptr + nlb > bndry)) {
+                status = NVME_ZONE_BOUNDARY_ERROR;
+            } else if (nvme_l2b(ns, nlb) > (n->page_size << n->zasl)) {
                 trace_pci_nvme_err_append_too_large(slba, nlb, n->zasl);
                 status = NVME_INVALID_FIELD;
             }
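Review bot: turning the separate `if (nvme_l2b(ns, nlb) > ...)` into an `else if` chain changes which status wins when more than one condition holds, and the commit message does not mention it. An append that is both over the ZASL limit and past the boundary now returns `NVME_ZONE_BOUNDARY_ERROR` instead of `NVME_INVALID_FIELD`, and the `trace_pci_nvme_err_append_too_large` event is no longer emitted when `slba != zone->d.zslba`. If that precedence is intended, say so in the commit message. The new `zone->w_ptr + nlb > bndry` branch is also the only error branch in this block without a trace call; adding one alongside `status = NVME_ZONE_BOUNDARY_ERROR;` would keep rejected appends visible in traces like the neighbouring cases.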
-- 
2.28.0


