* [PATCH v2] nvme: Fix handling of large MDTS values
@ 2021-04-01 3:59 Bart Van Assche
2021-04-01 8:26 ` Sagi Grimberg
2021-04-01 15:54 ` Keith Busch
0 siblings, 2 replies; 4+ messages in thread
From: Bart Van Assche @ 2021-04-01 3:59 UTC (permalink / raw)
To: Keith Busch, Sagi Grimberg; +Cc: Christoph Hellwig, linux-nvme, Bart Van Assche
Instead of triggering an integer overflow and undefined behavior if MDTS is
large, set max_hw_sectors to UINT_MAX.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
Changes compared to v1: removed a dev_err() call.
drivers/nvme/host/core.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 40215a0246e4..25bc28e8845f 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3123,10 +3123,11 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
atomic_set(&ctrl->abort_limit, id->acl + 1);
ctrl->vwc = id->vwc;
- if (id->mdts)
- max_hw_sectors = 1 << (id->mdts + page_shift - 9);
- else
+ max_hw_sectors = UINT_MAX;
+ if (id->mdts && check_shl_overflow(1U, id->mdts + page_shift - 9,
+ &max_hw_sectors)) {
max_hw_sectors = UINT_MAX;
+ }
ctrl->max_hw_sectors =
min_not_zero(ctrl->max_hw_sectors, max_hw_sectors);
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] nvme: Fix handling of large MDTS values
2021-04-01 3:59 [PATCH v2] nvme: Fix handling of large MDTS values Bart Van Assche
@ 2021-04-01 8:26 ` Sagi Grimberg
2021-04-01 15:54 ` Keith Busch
1 sibling, 0 replies; 4+ messages in thread
From: Sagi Grimberg @ 2021-04-01 8:26 UTC (permalink / raw)
To: Bart Van Assche, Keith Busch; +Cc: Christoph Hellwig, linux-nvme
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] nvme: Fix handling of large MDTS values
2021-04-01 3:59 [PATCH v2] nvme: Fix handling of large MDTS values Bart Van Assche
2021-04-01 8:26 ` Sagi Grimberg
@ 2021-04-01 15:54 ` Keith Busch
2021-04-02 1:37 ` Bart Van Assche
1 sibling, 1 reply; 4+ messages in thread
From: Keith Busch @ 2021-04-01 15:54 UTC (permalink / raw)
To: Bart Van Assche; +Cc: Sagi Grimberg, Christoph Hellwig, linux-nvme
On Wed, Mar 31, 2021 at 08:59:52PM -0700, Bart Van Assche wrote:
> Instead of triggering an integer overflow and undefined behavior if MDTS is
> large, set max_hw_sectors to UINT_MAX.
>
> Signed-off-by: Bart Van Assche <bvanassche@acm.org>
> ---
>
> Changes compared to v1: removed a dev_err() call.
>
> drivers/nvme/host/core.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index 40215a0246e4..25bc28e8845f 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -3123,10 +3123,11 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
>
> atomic_set(&ctrl->abort_limit, id->acl + 1);
> ctrl->vwc = id->vwc;
> - if (id->mdts)
> - max_hw_sectors = 1 << (id->mdts + page_shift - 9);
> - else
> + max_hw_sectors = UINT_MAX;
> + if (id->mdts && check_shl_overflow(1U, id->mdts + page_shift - 9,
> + &max_hw_sectors)) {
> max_hw_sectors = UINT_MAX;
> + }
The condition can be rearranged so that max_hw_sectors is set to
UINT_MAX just once:
if (!id->mdts || check_shl_overflow(1U, id->mdts + page_shift - 9,
&max_hw_sectors)) {
max_hw_sectors = UINT_MAX;
}
> ctrl->max_hw_sectors =
> min_not_zero(ctrl->max_hw_sectors, max_hw_sectors);
>
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] nvme: Fix handling of large MDTS values
2021-04-01 15:54 ` Keith Busch
@ 2021-04-02 1:37 ` Bart Van Assche
0 siblings, 0 replies; 4+ messages in thread
From: Bart Van Assche @ 2021-04-02 1:37 UTC (permalink / raw)
To: Keith Busch; +Cc: Sagi Grimberg, Christoph Hellwig, linux-nvme
On 4/1/21 8:54 AM, Keith Busch wrote:
> On Wed, Mar 31, 2021 at 08:59:52PM -0700, Bart Van Assche wrote:
>> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
>> index 40215a0246e4..25bc28e8845f 100644
>> --- a/drivers/nvme/host/core.c
>> +++ b/drivers/nvme/host/core.c
>> @@ -3123,10 +3123,11 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
>>
>> atomic_set(&ctrl->abort_limit, id->acl + 1);
>> ctrl->vwc = id->vwc;
>> - if (id->mdts)
>> - max_hw_sectors = 1 << (id->mdts + page_shift - 9);
>> - else
>> + max_hw_sectors = UINT_MAX;
>> + if (id->mdts && check_shl_overflow(1U, id->mdts + page_shift - 9,
>> + &max_hw_sectors)) {
>> max_hw_sectors = UINT_MAX;
>> + }
>
> The condition can be rearranged so that max_hw_sectors is set to
> UINT_MAX just once:
>
> if (!id->mdts || check_shl_overflow(1U, id->mdts + page_shift - 9,
> &max_hw_sectors)) {
> max_hw_sectors = UINT_MAX;
> }
Hi Keith,
That's an interesting suggestion. I will integrate this change in my
patch and repost it.
Thanks,
Bart.
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-04-02 1:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-04-01 3:59 [PATCH v2] nvme: Fix handling of large MDTS values Bart Van Assche
2021-04-01 8:26 ` Sagi Grimberg
2021-04-01 15:54 ` Keith Busch
2021-04-02 1:37 ` Bart Van Assche
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox