From: keith.busch@intel.com (Keith Busch)
Subject: [PATCH 02/16] nvme-core: Refuse out-of-range integrity data seeds
Date: Mon, 8 Oct 2018 15:46:24 -0600
Message-ID: <20181008214624.GA5926@localhost.localdomain>
In-Reply-To: <20181008212854.68310-3-bvanassche@acm.org>
On Mon, Oct 08, 2018 at 02:28:40PM -0700, Bart Van Assche wrote:
> The nvme_user_io.slba field is 64 bits wide. That value is copied into the
> 32-bit bio_integrity_payload.bip_iter.bi_sector field. Refuse slba values
> that exceed 32 bits. This patch avoids that Coverity complains about
> implicit truncation. See also Coverity ID 1056486 on
> http://scan.coverity.com/projects/linux.
>
> Signed-off-by: Bart Van Assche <bvanassche at acm.org>
> ---
> drivers/nvme/host/core.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index 63932dea74a1..04138223fad6 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -1118,6 +1118,14 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio)
> return -EINVAL;
> }
>
> + /*
> + * io.slba is 64 bits wide. Only the lower 32 bits are used as a seed.
> + * Refuse seed values that exceed 32 bits instead of truncating the
> + * seed value silently. See also nvme_add_user_metadata().
> + */
> + if (io.slba >> 32 != 0)
> + return -EINVAL;
> +
> memset(&c, 0, sizeof(c));
> c.rw.opcode = io.opcode;
> c.rw.flags = io.flags;
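Review bot: The `if (io.slba >> 32 != 0)` check returns -EINVAL for any command whose slba does not fit in 32 bits, yet the comment directly above it says only the lower 32 bits are used as a seed, so the seed is the only consumer that needs narrowing. As placed ahead of `memset(&c, 0, sizeof(c));`, nothing in the visible lines limits the check to commands that carry metadata, so a request with a valid 64-bit starting LBA would be refused. Consider making the truncation explicit at the point where the seed is passed (for example with lower_32_bits(io.slba)) instead of rejecting the request; that still removes the implicit truncation Coverity reports.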
The bip sector is supposed to wrap if it exceeds 32 bits. Just feed
"lower_32_bits(io.slba)" as the metadata seed.