From: keith.busch@intel.com (Keith Busch)
Subject: [PATCH-4.6 3/3] NVMe: Don't allow unsupported flags
Date: Thu, 18 Feb 2016 16:21:17 -0700
Message-ID: <1455837677-23248-3-git-send-email-keith.busch@intel.com>
In-Reply-To: <1455837677-23248-1-git-send-email-keith.busch@intel.com>

The command flags can change the meaning of other fields in the command
that the driver is not prepared to handle. Specifically, the user could
passthrough an SGL flag, causing the controller to misinterpret the PRP
list the driver created, potentially corrupting memory or data.

Signed-off-by: Keith Busch <keith.busch at intel.com>
---
Alternatively, I have a different patch that builds SGLs if the flags
have it set and the device supports SGL. Any interest?

I didn't post it since the fast path only gets PRP-able scatter lists,
and the additional logic to handle SGLs complicates handling the NVMe
IO descriptor.

drivers/nvme/host/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 33ad10d..d8c3a55 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -398,7 +398,7 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio)
memset(&c, 0, sizeof(c));
c.rw.opcode = io.opcode;
- c.rw.flags = io.flags;
+ c.rw.flags = 0;
c.rw.nsid = cpu_to_le32(ns->ns_id);
c.rw.slba = cpu_to_le64(io.slba);
c.rw.length = cpu_to_le16(io.nblocks);
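Review bot: In nvme_submit_io, `c.rw.flags = 0;` silently discards a non-zero io.flags, so a caller that set flags gets a command with different semantics than the one it asked for and no error to tell it so. Consider rejecting the request up front instead, for example `if (io.flags) return -EINVAL;` ahead of the memset. That would also make the explicit zero assignment unnecessary, since `memset(&c, 0, sizeof(c));` two lines above already clears the field.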
@@ -428,7 +428,7 @@ static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
memset(&c, 0, sizeof(c));
c.common.opcode = cmd.opcode;
- c.common.flags = cmd.flags;
+ c.common.flags = 0;
c.common.nsid = cpu_to_le32(cmd.nsid);
c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
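Review bot: The `c.common.flags = 0;` line in nvme_user_cmd carries no comment explaining why the user-supplied cmd.flags is ignored, and the reason (the driver only builds PRP lists, per the commit message) is not obvious from the code. Either add a one-line comment here or, preferably, fail the ioctl with -EINVAL when cmd.flags is non-zero so user space learns that the flag is unsupported. As written, the assignment is also redundant after `memset(&c, 0, sizeof(c));`.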
--
2.6.2.307.g37023ba