[PATCH 2/2] nvme: avoid memory corruption for sync passthrough
Kanchan Joshi
joshi.k at samsung.com
Fri Aug 11 08:59:06 PDT 2023
Sync passthrough metadata handling also needs to avoid the situation of
the device writing into unrelated kernel memory.
Signed-off-by: Kanchan Joshi <joshi.k at samsung.com>
---
drivers/nvme/host/ioctl.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index fb73fa95f090..f7adabbc9e9f 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -388,6 +388,10 @@ static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
c.common.cdw14 = cpu_to_le32(cmd.cdw14);
c.common.cdw15 = cpu_to_le32(cmd.cdw15);
+ if (!nvme_validate_passthru_meta(ctrl, ns, &c, cmd.metadata,
+ cmd.metadata_len))
+ return -EINVAL;
+
if (!nvme_cmd_allowed(ns, &c, 0, open_for_write))
return -EACCES;
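Review bot: in nvme_user_cmd() the metadata validation runs before nvme_cmd_allowed(), so a caller who lacks permission for the command now gets -EINVAL instead of -EACCES whenever cmd.metadata and cmd.metadata_len fail the check. Consider moving the nvme_validate_passthru_meta() call below the nvme_cmd_allowed() test, so the permission result stays the first thing an unprivileged caller sees and the errno for commands that were already denied does not change.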
@@ -435,6 +439,10 @@ static int nvme_user_cmd64(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
c.common.cdw14 = cpu_to_le32(cmd.cdw14);
c.common.cdw15 = cpu_to_le32(cmd.cdw15);
+ if (!nvme_validate_passthru_meta(ctrl, ns, &c, cmd.metadata,
+ cmd.metadata_len))
+ return -EINVAL;
+
if (!nvme_cmd_allowed(ns, &c, flags, open_for_write))
return -EACCES;
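Review bot: the -EINVAL return added to nvme_user_cmd64() is a new failure mode for an existing ioctl, and neither the hunk nor the commit message says which combination of cmd.metadata and cmd.metadata_len is rejected. nvme_validate_passthru_meta() is not defined in this patch, so a one-line comment above the call, or a sentence in the changelog stating the condition, would help anyone debugging a passthrough tool that starts failing after this change. The same four lines are also repeated verbatim from nvme_user_cmd(); if the series is respun, placing the check somewhere both callers already share would keep the two copies from drifting apart.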
--
2.25.1