[PATCH v2 1/2] nvme: fix memory corruption for passthrough metadata
KANCHAN JOSHI/Host Software /SSIR/Staff Engineer/Samsung Electronics
joshi.k at samsung.com
Fri Sep 1 00:06:24 PDT 2023
On 8/31/2023 7:39 PM, Vincent Fu wrote:
> I think the metadata size check is too strict. Commands where the metadata size
> is too small should result in errors but when the metadata size is larger than
> needed they should still go through.
Indeed.
I will fold that change in the next version.
> In any case, I tested this patch on a QEMU NVMe device (which supports PI by
> default).
>
> I formatted the device with a 512+16 lbaf with a separate buffer for metadata:
>
> nvme format /dev/ng0n1 -m 0 -i 1 -p 0 --lbaf 2 --force
>
> Using the latest fio I wrote some data to it:
>
> ./fio --name=difdix --ioengine=io_uring_cmd --cmd_type=nvme \
> --filename=/dev/ng0n1 --rw=write --bs=512 --md_per_io_size=16 --pi_act=1 \
> --pi_chk=APPTAG --apptag=0x8888 --apptag_mask=0xFFFF --number_ios=128
>
> Then I wrote a small program to read 4096 bytes from the device with only a
> 16-byte (instead of 64-byte) metadata buffer. Without this patch the kernel
> crashes. With the patch the read fails with an error message in the kernel log.
>
> Tested-by: Vincent Fu <vincent.fu at samsung.com>
Thanks.
More information about the Linux-nvme
mailing list