From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C7B2D35EE5
	for <stable@vger.kernel.org>; Mon,  4 Dec 2023 20:35:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iVXk2owo"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77FDDC433CC;
	Mon,  4 Dec 2023 20:34:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1701722100;
	bh=eGm+sBvt0gdj+0zTu3T2RywpCFcezynjcVTWXyJLyW4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=iVXk2owoS/1lAMxzsrTb8Vvzoc0KNIez8bAtw79bv0ZhaDpsgFVg1Hwkas8lCZP0I
	 ZEN3vYcWvKktIOtDbZ8UCeKDBfO1FJzBMK8OBtiIkn03By01jKLclQUHKXo883KqgI
	 ZpHvVC1Vo5nrlnkHwcoAMl2T2WGaYyiRmHpM/wPi5uvGZzI5t8RwzChlU09iFIhSGO
	 aZMpk0WRRPyZQtvcAl6iVazG5f8vdUxXg8If317wIA142M47puQPZwO5K/+YkbH0Vy
	 k8wWp1+Nrt6c2SZkUBCxoKPG7YKTr6Id3DQQ+dH3C0EuJBr7s+Xhqx7nPI9FtD1t2m
	 8pN70Gfbw1BeA==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Keith Busch <kbusch@kernel.org>,
	Jens Axboe <axboe@kernel.dk>,
	Sasha Levin <sashal@kernel.org>,
	sagi@grimberg.me,
	linux-nvme@lists.infradead.org
Subject: [PATCH AUTOSEL 6.6 32/32] nvme-core: check for too small lba shift
Date: Mon,  4 Dec 2023 15:32:52 -0500
Message-ID: <20231204203317.2092321-32-sashal@kernel.org>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <20231204203317.2092321-1-sashal@kernel.org>
References: <20231204203317.2092321-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: stable@vger.kernel.org
List-Id: <stable.vger.kernel.org>
List-Subscribe: <mailto:stable+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:stable+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
X-stable-base: Linux 6.6.4
Content-Transfer-Encoding: 8bit

From: Keith Busch <kbusch@kernel.org>

[ Upstream commit 74fbc88e161424b3b96a22b23a8e3e1edab9d05c ]

The block layer doesn't support logical block sizes smaller than 512
bytes. The nvme spec doesn't support that small either, but the driver
isn't checking to make sure the device responded with usable data.
Failing to catch this will result in a kernel bug, either from a
division by zero when stacking, or a zero length bio.

Reviewed-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index b4521deb1c716..dfc0e02150911 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1890,9 +1890,10 @@ static void nvme_update_disk_info(struct gendisk *disk,
 
 	/*
 	 * The block layer can't support LBA sizes larger than the page size
-	 * yet, so catch this early and don't allow block I/O.
+	 * or smaller than a sector size yet, so catch this early and don't
+	 * allow block I/O.
 	 */
-	if (ns->lba_shift > PAGE_SHIFT) {
+	if (ns->lba_shift > PAGE_SHIFT || ns->lba_shift < SECTOR_SHIFT) {
 		capacity = 0;
 		bs = (1 << 9);
 	}
-- 
2.42.0