[PATCH v3] nvme: Fix handling of large MDTS values

Bart Van Assche bvanassche at acm.org
Fri Apr 2 02:39:07 BST 2021


Instead of triggering an integer overflow and undefined behavior if MDTS is
large, set max_hw_sectors to UINT_MAX.

Cc: Christoph Hellwig <hch at lst.de>
Cc: Sagi Grimberg <sagi at grimberg.me>
Cc: Keith Busch <kbusch at kernel.org>
Signed-off-by: Bart Van Assche <bvanassche at acm.org>
---

Changes compared to v2: reduced the two max_hw_sectors = UINT_MAX statements into a single assignment.
Changes compared to v1: removed a dev_err() call.

 drivers/nvme/host/core.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 40215a0246e4..87d43309742b 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3123,10 +3123,10 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
 
 	atomic_set(&ctrl->abort_limit, id->acl + 1);
 	ctrl->vwc = id->vwc;
-	if (id->mdts)
-		max_hw_sectors = 1 << (id->mdts + page_shift - 9);
-	else
+	if (!id->mdts || check_shl_overflow(1U, id->mdts + page_shift - 9,
+					    &max_hw_sectors)) {
 		max_hw_sectors = UINT_MAX;
+	}
 	ctrl->max_hw_sectors =
 		min_not_zero(ctrl->max_hw_sectors, max_hw_sectors);
 



More information about the Linux-nvme mailing list