From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 389CD36D518 for ; Tue, 2 Dec 2025 00:27:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764635271; cv=none; b=gZRgZ+quUHnZC//44VVLSe9/Tr1CJEMIW5b5EADUTp1VEGM6OYHymXBXVF3V+NmqlANPb3xGm2si2ZJAaTinHSDIAVPsSBtJhNzaPCoLGT/j5wVU2n83bDqUif6Zqikm7HCPnNtkd6I3nKDjpAE3f/zASzMz6hU0B8E98jYEte4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764635271; c=relaxed/simple; bh=8OcKANKMxhWbSldT3hHBonHczicnEeMyT6RjUAi6Jhw=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=UvM/2PIz+6y3fTt1sUF6N2kgW0WmjcdOoSKkiY+lTcjaebLsssCYxPatikF+OP0ca4KRffM+6KVBmF9NtOS4XiY//uMIynw5bsTd5lAJJyWupIvT4GScwzdwKiTx+EMm4aoJYz1KW2EbNoGAJ3bGZeul3w3pTbTlnenQ2AtIbjA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qC2i16CA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qC2i16CA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 63865C4CEF1; Tue, 2 Dec 2025 00:27:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1764635270; bh=8OcKANKMxhWbSldT3hHBonHczicnEeMyT6RjUAi6Jhw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=qC2i16CAe9ktzbd92ui05tsH3RV6sZGK8jrxwIk2P6arVSgFKvS1c0lNw1ANIph4k P+ygry9eytqkxyvd3ipKi5mWg6rCe7Yd0/4IEf+VF0+mtAb838fVmiJQkNxATZluFv tZUznbp/7KX/Yrmsc755bJtKztBbvVESMl/mP8K59KQN8NPey2I2+pnIIjlDQMkQGB dpcvFb+WomQIEcf7azj4S/+d7Iw5joy+zD0MD7bwHySDSZ4Z7+OfXpiNFUu+VzGtb8 z0gKGNSDHB0N9EEhdCxXS8HMR5KcjMXhX2IoiHZBZ6nDZvGmaaFeH1CcITI2s9yz2q LPHgpnKFug+Rg== Date: Mon, 1 Dec 2025 17:27:48 -0700 From: Keith Busch To: Eugene Korenevsky Cc: Jens Axboe , Christoph Hellwig , Sagi Grimberg , linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3] nvme: nvme_identify_ns_descs: prevent oob Message-ID: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Dec 01, 2025 at 10:43:23PM +0300, Eugene Korenevsky wrote: > - for (pos = 0; pos < NVME_IDENTIFY_DATA_SIZE; pos += len) { > - struct nvme_ns_id_desc *cur = data + pos; > + pos = 0; > + do { > + cur = data + pos; > > if (cur->nidl == 0) > break; > + /* check ns id desc does not exceed remaining buffer by size */ > + if (cur->nidl + sizeof(*cur) > NVME_IDENTIFY_DATA_SIZE - pos) > + break; > > len = nvme_process_ns_desc(ctrl, &info->ids, cur, &csi_seen); > if (len < 0) > break; > > - len += sizeof(*cur); > - } > + pos += sizeof(*cur); > + pos += len; > + } while (pos < NVME_IDENTIFY_DATA_SIZE - sizeof(*cur)); I don't want bikeshed this, but I thought this looked better as a for-loop. You can just modify the continuing condition instead of changing the loop type to do-while.