[PATCH v2 1/2] nvme: fix memory corruption for passthrough metadata

KANCHAN JOSHI/Host Software /SSIR/Staff Engineer/Samsung Electronics joshi.k at samsung.com
Fri Sep 1 00:06:24 PDT 2023


On 8/31/2023 7:39 PM, Vincent Fu wrote:
> I think the metadata size check is too strict. Commands where the metadata size
> is too small should result in errors but when the metadata size is larger than
> needed they should still go through.

Indeed.
I will fold that change in the next version.

> In any case, I tested this patch on a QEMU NVMe device (which supports PI by
> default).
> 
> I formatted the device with a 512+16 lbaf with a separate buffer for metadata:
> 
> nvme format /dev/ng0n1 -m 0 -i 1 -p 0 --lbaf 2 --force
> 
> Using the latest fio I wrote some data to it:
> 
> ./fio --name=difdix --ioengine=io_uring_cmd --cmd_type=nvme \
>    --filename=/dev/ng0n1 --rw=write --bs=512 --md_per_io_size=16 --pi_act=1 \
>    --pi_chk=APPTAG --apptag=0x8888 --apptag_mask=0xFFFF --number_ios=128
> 
> Then I wrote a small program to read 4096 bytes from the device with only a
> 16-byte (instead of 64-byte) metadata buffer. Without this patch the kernel
> crashes. With the patch the read fails with an error message in the kernel log.
> 
> Tested-by: Vincent Fu <vincent.fu at samsung.com>

Thanks.


