[PATCH v2] nvme: check for valid data from from nvme_identify_ns() before using it
Keith Busch
kbusch at kernel.org
Tue Nov 28 09:32:11 PST 2023
On Tue, Nov 28, 2023 at 11:10:29AM -0500, Ewan Milne wrote:
> > Interestingly enough, I think this is the same as what was recently
> > reported here:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=218186
> >
>
> Yes, from the stack trace and BZ comments it looks like it.

Slightly related, there's nothing stopping a device from reporting a
bogus LBA shift value. We're only checking for "too big", but neglect to
check for too small, and may similarly shift off to a division by 0. We
might need a check like this too:
---
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index a55c2a774b9c4..8bf78f876f7ac 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1903,7 +1903,7 @@ static void nvme_update_disk_info(struct gendisk *disk,
* The block layer can't support LBA sizes larger than the page size
* yet, so catch this early and don't allow block I/O.
*/
- if (ns->lba_shift > PAGE_SHIFT) {
+ if (ns->lba_shift > PAGE_SHIFT || ns->lba_shift < SECTOR_SHIFT) {
capacity = 0;
bs = (1 << 9);
}
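
Review bot: The comment above the condition still describes only the "LBA sizes larger than the page size" case, so the new `ns->lba_shift < SECTOR_SHIFT` branch is undocumented. Please extend the comment to say that a device-reported shift below SECTOR_SHIFT is also rejected, and why (the message mentions a shift leading to a division by 0). Since this path silently sets `capacity = 0`, a warning naming the rejected lba_shift value would make a misbehaving device much easier to diagnose. If ns->lba_shift is consumed anywhere before this function runs, the check here comes too late, so it may be worth validating the value at the point where it is taken from the identify data instead.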
--