[PATCH v2] nvme: Fix handling of large MDTS values
Keith Busch
kbusch at kernel.org
Thu Apr 1 16:54:56 BST 2021
On Wed, Mar 31, 2021 at 08:59:52PM -0700, Bart Van Assche wrote:
> Instead of triggering an integer overflow and undefined behavior if MDTS is
> large, set max_hw_sectors to UINT_MAX.
>
> Signed-off-by: Bart Van Assche <bvanassche at acm.org>
> ---
>
> Changes compared to v1: removed a dev_err() call.
>
> drivers/nvme/host/core.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index 40215a0246e4..25bc28e8845f 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -3123,10 +3123,11 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
>
> atomic_set(&ctrl->abort_limit, id->acl + 1);
> ctrl->vwc = id->vwc;
> - if (id->mdts)
> - max_hw_sectors = 1 << (id->mdts + page_shift - 9);
> - else
> + max_hw_sectors = UINT_MAX;
> + if (id->mdts && check_shl_overflow(1U, id->mdts + page_shift - 9,
> + &max_hw_sectors)) {
> max_hw_sectors = UINT_MAX;
> + }
The condition can be rearranged so that max_hw_sectors is set to
UINT_MAX just once:
if (!id->mdts || check_shl_overflow(1U, id->mdts + page_shift - 9,
&max_hw_sectors)) {
max_hw_sectors = UINT_MAX;
}
> ctrl->max_hw_sectors =
> min_not_zero(ctrl->max_hw_sectors, max_hw_sectors);
>
More information about the Linux-nvme
mailing list