[PATCH v2 1/2] nvme: fix memory corruption for passthrough metadata

Vincent Fu vincent.fu at samsung.com
Thu Aug 31 07:09:18 PDT 2023


I think the metadata size check is too strict. Commands where the metadata size
is too small should result in errors but when the metadata size is larger than
needed they should still go through.

In any case, I tested this patch on a QEMU NVMe device (which supports PI by
default).

I formatted the device with a 512+16 lbaf with a separate buffer for metadata:

nvme format /dev/ng0n1 -m 0 -i 1 -p 0 --lbaf 2 --force

Using the latest fio I wrote some data to it:

./fio --name=difdix --ioengine=io_uring_cmd --cmd_type=nvme \
  --filename=/dev/ng0n1 --rw=write --bs=512 --md_per_io_size=16 --pi_act=1 \
  --pi_chk=APPTAG --apptag=0x8888 --apptag_mask=0xFFFF --number_ios=128

Then I wrote a small program to read 4096 bytes from the device with only a
16-byte (instead of 64-byte) metadata buffer. Without this patch the kernel
crashes. With the patch the read fails with an error message in the kernel log.

Tested-by: Vincent Fu <vincent.fu at samsung.com>
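To make the distinction drawn in the reply concrete, here is an added C model of the passthrough metadata-length check (this is illustration code, not the kernel's or the patch's own code; the function and enum names, the `lba_size`/`ms`/`nlb` parameters and the return codes are assumptions). It computes the metadata bytes the device will transfer for a given data length and compares that against the user-supplied buffer in two ways: a strict equality check, and the relaxed minimum-length check argued for above, where a too-small buffer (the memory-corruption case) is rejected and a larger buffer is accepted. The `nlb * ms` product is guarded against wrap-around, since a wrapped requirement would let an undersized buffer pass.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example modelling the metadata-length check debated in the thread.
 * It is NOT the kernel's code: the naming (lba_size, ms, nlb) and the return
 * codes are assumptions made for illustration. All sizes are in bytes. */

enum meta_check {
    META_OK = 0,
    META_TOO_SMALL = 1,   /* buffer shorter than the DMA the device will perform */
    META_TOO_LARGE = 2,   /* only the strict variant reports this */
    META_BAD_LENGTH = 3   /* data length not a whole number of blocks, or overflow */
};

/* Metadata bytes the device will transfer for a data_len-byte I/O on a
 * namespace formatted with lba_size-byte blocks and ms metadata bytes per block. */
bool required_meta_len(uint64_t data_len, uint32_t lba_size, uint32_t ms, uint64_t *need)
{
    if (lba_size == 0 || data_len == 0 || data_len % lba_size != 0)
        return false;
    uint64_t nlb = data_len / lba_size;
    /* nlb * ms must not wrap: a wrapped "need" would pass a too-small buffer */
    if (ms != 0 && nlb > UINT64_MAX / ms)
        return false;
    *need = nlb * (uint64_t)ms;
    return true;
}

/* Strict variant: the user buffer must match the required length exactly. */
enum meta_check check_meta_strict(uint64_t data_len, uint32_t lba_size,
                                  uint32_t ms, uint64_t meta_len)
{
    uint64_t need;
    if (!required_meta_len(data_len, lba_size, ms, &need))
        return META_BAD_LENGTH;
    if (meta_len < need)
        return META_TOO_SMALL;
    if (meta_len > need)
        return META_TOO_LARGE;
    return META_OK;
}

/* Relaxed variant as suggested in the reply: a buffer that is too small is
 * rejected (the memory-corruption case), a larger one is accepted. */
enum meta_check check_meta_min(uint64_t data_len, uint32_t lba_size,
                               uint32_t ms, uint64_t meta_len)
{
    uint64_t need;
    if (!required_meta_len(data_len, lba_size, ms, &need))
        return META_BAD_LENGTH;
    return meta_len < need ? META_TOO_SMALL : META_OK;
}

int main(void)
{
    /* Constructed cases using the 512+16 format from the thread. */
    printf("16-byte buffer for a 4096-byte read: strict=%d min=%d\n",
           (int)check_meta_strict(4096, 512, 16, 16),
           (int)check_meta_min(4096, 512, 16, 16));
    printf("oversized 4096-byte buffer: strict=%d min=%d\n",
           (int)check_meta_strict(4096, 512, 16, 4096),
           (int)check_meta_min(4096, 512, 16, 4096));
    return 0;
}
```

Both variants reject the undersized buffer from the test described above; they differ only on buffers larger than required, which is exactly the case the reply argues should still be allowed through.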

