[PATCH 1/2] nvme: fix memory corruption for passthrough metadata

Keith Busch kbusch at kernel.org
Fri Aug 11 09:57:36 PDT 2023


On Fri, Aug 11, 2023 at 09:29:05PM +0530, Kanchan Joshi wrote:
> +static bool nvme_validate_passthru_meta(struct nvme_ctrl *ctrl,
> +					struct nvme_ns *ns,
> +					struct nvme_command *c,
> +					__u64 meta, __u32 meta_len)
> +{
> +	/*
> +	 * User may specify smaller meta-buffer with a larger data-buffer.
> +	 * Driver allocated meta buffer will also be small.
> +	 * Device can do larger dma into that, overwriting unrelated kernel
> +	 * memory.
> +	 */
> +	if (ns && (meta_len || meta)) {
> +		u16 nlb = lower_16_bits(le32_to_cpu(c->common.cdw12));
> +
> +		if (meta_len != (nlb + 1) * ns->ms) {
> +			dev_err(ctrl->device,
> +			"%s: metadata length does not match!\n", current->comm);
> +			return false;
> +		}
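Review bot: the validation reads `c->common.cdw12` bits 0-15 as NLB for any I/O command that arrives with a metadata pointer, but only the read/write/compare family encodes NLB there, so an I/O opcode that carries metadata but uses cdw12 differently would always fail `meta_len != (nlb + 1) * ns->ms`; consider restricting the check to opcodes known to carry NLB in cdw12, or stating the restriction in the comment. The `dev_err` would also be more useful for triage if it logged the supplied and expected lengths rather than only `current->comm`.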

Don't you need to check the command PRINFO PRACT bit to know if metadata
length is stripped/generated on the controller side?
