[PATCH 2/2] nvme: avoid memory corruption for sync passthrough

Kanchan Joshi joshi.k at samsung.com
Fri Aug 11 08:59:06 PDT 2023


Sync passthrough metadata handling also needs to avoid the situation of
device writing into unrelated kernel memory.

Signed-off-by: Kanchan Joshi <joshi.k at samsung.com>
---
 drivers/nvme/host/ioctl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index fb73fa95f090..f7adabbc9e9f 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -388,6 +388,10 @@ static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
 	c.common.cdw14 = cpu_to_le32(cmd.cdw14);
 	c.common.cdw15 = cpu_to_le32(cmd.cdw15);
 
+	if (!nvme_validate_passthru_meta(ctrl, ns, &c, cmd.metadata,
+					 cmd.metadata_len))
+		return -EINVAL;
+
 	if (!nvme_cmd_allowed(ns, &c, 0, open_for_write))
 		return -EACCES;
 
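Review bot: the new nvme_validate_passthru_meta() check sits ahead of nvme_cmd_allowed(), so a caller who would have been refused with -EACCES now gets -EINVAL whenever the metadata arguments fail validation, and the validation runs on input from callers who are not permitted to issue the command at all. Unless that order is intentional, consider moving the check below the nvme_cmd_allowed() test; if it is intentional, a one-line comment saying why would help. Separately, ns is handed straight to the helper, whose body is not part of this patch: if nvme_user_cmd() can be reached without a namespace, please confirm the helper copes with a NULL ns.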
@@ -435,6 +439,10 @@ static int nvme_user_cmd64(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
 	c.common.cdw14 = cpu_to_le32(cmd.cdw14);
 	c.common.cdw15 = cpu_to_le32(cmd.cdw15);
 
+	if (!nvme_validate_passthru_meta(ctrl, ns, &c, cmd.metadata,
+					 cmd.metadata_len))
+		return -EINVAL;
+
 	if (!nvme_cmd_allowed(ns, &c, flags, open_for_write))
 		return -EACCES;
 
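Review bot: this block in nvme_user_cmd64() is a verbatim copy of the one added to nvme_user_cmd(), and unlike the nvme_cmd_allowed() call right below it the helper is not passed flags. If flags can change how the user buffers are interpreted on this path, the helper has no way to account for it, so either pass flags through or note why it is not needed. A short comment above the check stating which mismatch between the command and cmd.metadata / cmd.metadata_len is being rejected would also help, since the commit message only says the device could write into unrelated kernel memory and a bare -EINVAL gives userspace no hint about what to fix.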
-- 
2.25.1



