[PATCH v3] nvme: Fix handling of large MDTS values
Bart Van Assche
bvanassche at acm.org
Fri Apr 2 02:39:07 BST 2021
Instead of triggering an integer overflow and undefined behavior if MDTS is
large, set max_hw_sectors to UINT_MAX.
Cc: Christoph Hellwig <hch at lst.de>
Cc: Sagi Grimberg <sagi at grimberg.me>
Cc: Keith Busch <kbusch at kernel.org>
Signed-off-by: Bart Van Assche <bvanassche at acm.org>
---
Changes compared to v2: reduced the two max_hw_sectors = UINT_MAX statements into a single assignment.
Changes compared to v1: removed a dev_err() call.
drivers/nvme/host/core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 40215a0246e4..87d43309742b 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3123,10 +3123,10 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
atomic_set(&ctrl->abort_limit, id->acl + 1);
ctrl->vwc = id->vwc;
- if (id->mdts)
- max_hw_sectors = 1 << (id->mdts + page_shift - 9);
- else
+ if (!id->mdts || check_shl_overflow(1U, id->mdts + page_shift - 9,
+ &max_hw_sectors)) {
max_hw_sectors = UINT_MAX;
+ }
ctrl->max_hw_sectors =
min_not_zero(ctrl->max_hw_sectors, max_hw_sectors);
More information about the Linux-nvme
mailing list