[PATCH v3] nvme: core: reject invalid LBA data size from Identify Namespace

Tue Jun 2 06:10:07 PDT 2026

On 15/05/2026 19:58, Chao Shi wrote:
>   
> +	if (id->lbaf[lbaf].ds < SECTOR_SHIFT ||
 > +	    check_shl_overflow(le64_to_cpu(id->nsze),> +			 
id->lbaf[lbaf].ds - SECTOR_SHIFT,
> +			       &capacity)) {
> +		dev_warn_once(ns->ctrl->device,
> +			"invalid LBA data size %u, skipping namespace\n",
> +			id->lbaf[lbaf].ds);
> +		ret = -ENODEV;
> +		goto out;
> +	}

JFYI, this is giving a C=1 warning:

drivers/nvme/host/core.c:2411:13: warning: unsigned value that used to
be signed checked against zero?
drivers/nvme/host/core.c:2411:13: signed value source

I can't seem to quieten it myself, though.

BTW, I would have thought that check_shl_overflow would catch 
id->lbaf[lbaf].ds < SECTOR_SHIFT (so that we don't need the extra check).