Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1597626ybv; Fri, 21 Feb 2020 00:01:19 -0800 (PST) X-Google-Smtp-Source: APXvYqxMSpt41O4ymucUMjyXm3cfInZhaw5+KFJq5hrjxdp0vK5VeN3tEXip/0FgML3YanL2vDMr X-Received: by 2002:a9d:7a47:: with SMTP id z7mr27798739otm.179.1582272079615; Fri, 21 Feb 2020 00:01:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582272079; cv=none; d=google.com; s=arc-20160816; b=K/nk6I25BmVSRzCBr9Ge/NA2NhI5TN+2LULDP+Jh/4Xp5RGqAOuLTQY+q52Po9/400 qgkPuhYmq/fDy3O9r5ZgX+mj/iGAjV5VouWjW8JazpDfYwXQkkhpiRMwdoqdFLYYdZIA HHAKvrcZq128I7t8T7Hh1vzmsBpfrdYbhEvzPwDOtOltPq/6LxQ2PYoKFBDn2B2Qde7W bqoEqUHmjeciHyhseHRgsgeWJj19SlIkhMC63Tp9S96VAsx8u8qCgYHlZ7RsOjEGffzF b9feiM48P/I84g9JoHus7bnJRNf8hW/tuz7XkMoPzvdBSkBZxTO+Hr1ebccdrM1AMsQv aaUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=NpCA6WeRO10gcGXd/GxSxsoBPpO/TJyG8xWNT9ZK0pQ=; b=OP7cHRF17frsrPh37vxQI4ecJWu2L9R0y2HAQOhecFgbbaJSR/9Mqobi6DR8aL1vQe +HQtp4Sq1OtOs3OjDxX3VZvDH/gdaljHXxIpYgI3vTvrZ4tf7zevIPrqaR3tmnhtmw1g PuW6E8rZ19QMo0WE0l6JqnK2EF7d25xDwo3/K/Tl9THas+s8lwrpV97BfgJjpGa0rGva 2As4oDA7fewXwAFCJ4SW2QMdlvTvj9ueuF6PyrNoExB2sB7n+bKzuMkH4x5cExQfyG8U qF22/o+7z4NQjmOb2l4a6mY16i0UhXQYq0HFaHlf3p6HpF5AjCZKn2V7A2BFW8iCh5hD UAIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=l9I34nVY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h138si483621oib.6.2020.02.21.00.01.07; Fri, 21 Feb 2020 00:01:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=l9I34nVY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730994AbgBUIAD (ORCPT + 99 others); Fri, 21 Feb 2020 03:00:03 -0500 Received: from mail.kernel.org ([198.145.29.99]:60242 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730986AbgBUIAB (ORCPT ); Fri, 21 Feb 2020 03:00:01 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BFD52206ED; Fri, 21 Feb 2020 07:59:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582272000; bh=AQyN84R5YGMyWpb9NCPcHNHXXRYjZNMbDO4ty2yJ4Is=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l9I34nVYXg8C3UXcnEKnOrn+AwqmWAxlLEA2e1NzGkz+pJkemOF6yiK8KZnbkH3v0 rzqFkvXquj5rBDZTUTxR5drSdNHHlXiOA7TL6blq+JYJB2lPI/Qm3wTK1SNB8xN9nl mcFj/9s+CzrKrOZB7RTw7ljbqvNT/egs0JCw5NXU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dakshaja Uppalapati , Max Gurtovoy , Sagi Grimberg , Keith Busch , Sasha Levin , Christoph Hellwig Subject: [PATCH 5.5 378/399] nvmet: fix dsm failure when payload does not match sgl descriptor Date: Fri, 21 Feb 2020 08:41:43 +0100 Message-Id: <20200221072437.020455451@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200221072402.315346745@linuxfoundation.org> References: <20200221072402.315346745@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sagi Grimberg [ Upstream commit b716e6889c95f64ba32af492461f6cc9341f3f05 ] The host is allowed to pass the controller an sgl describing a buffer that is larger than the dsm payload itself, allow it when executing dsm. Reported-by: Dakshaja Uppalapati Reviewed-by: Christoph Hellwig , Reviewed-by: Max Gurtovoy Signed-off-by: Sagi Grimberg Signed-off-by: Keith Busch Signed-off-by: Sasha Levin --- drivers/nvme/target/core.c | 11 +++++++++++ drivers/nvme/target/io-cmd-bdev.c | 2 +- drivers/nvme/target/io-cmd-file.c | 2 +- drivers/nvme/target/nvmet.h | 1 + 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c index 35810a0a8d212..461987f669c50 100644 --- a/drivers/nvme/target/core.c +++ b/drivers/nvme/target/core.c @@ -939,6 +939,17 @@ bool nvmet_check_data_len(struct nvmet_req *req, size_t data_len) } EXPORT_SYMBOL_GPL(nvmet_check_data_len); +bool nvmet_check_data_len_lte(struct nvmet_req *req, size_t data_len) +{ + if (unlikely(data_len > req->transfer_len)) { + req->error_loc = offsetof(struct nvme_common_command, dptr); + nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR); + return false; + } + + return true; +} + int nvmet_req_alloc_sgl(struct nvmet_req *req) { struct pci_dev *p2p_dev = NULL; diff --git a/drivers/nvme/target/io-cmd-bdev.c b/drivers/nvme/target/io-cmd-bdev.c index b6fca0e421ef1..ea0e596be15dc 100644 --- a/drivers/nvme/target/io-cmd-bdev.c +++ b/drivers/nvme/target/io-cmd-bdev.c @@ -280,7 +280,7 @@ static void nvmet_bdev_execute_discard(struct nvmet_req *req) static void nvmet_bdev_execute_dsm(struct nvmet_req *req) { - if (!nvmet_check_data_len(req, nvmet_dsm_len(req))) + if (!nvmet_check_data_len_lte(req, nvmet_dsm_len(req))) return; switch (le32_to_cpu(req->cmd->dsm.attributes)) { diff --git a/drivers/nvme/target/io-cmd-file.c b/drivers/nvme/target/io-cmd-file.c index caebfce066056..cd5670b83118f 100644 --- a/drivers/nvme/target/io-cmd-file.c +++ b/drivers/nvme/target/io-cmd-file.c @@ -336,7 +336,7 @@ static void nvmet_file_dsm_work(struct work_struct *w) static void nvmet_file_execute_dsm(struct nvmet_req *req) { - if (!nvmet_check_data_len(req, nvmet_dsm_len(req))) + if (!nvmet_check_data_len_lte(req, nvmet_dsm_len(req))) return; INIT_WORK(&req->f.work, nvmet_file_dsm_work); schedule_work(&req->f.work); diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index 46df45e837c95..eda28b22a2c87 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -374,6 +374,7 @@ bool nvmet_req_init(struct nvmet_req *req, struct nvmet_cq *cq, struct nvmet_sq *sq, const struct nvmet_fabrics_ops *ops); void nvmet_req_uninit(struct nvmet_req *req); bool nvmet_check_data_len(struct nvmet_req *req, size_t data_len); +bool nvmet_check_data_len_lte(struct nvmet_req *req, size_t data_len); void nvmet_req_complete(struct nvmet_req *req, u16 status); int nvmet_req_alloc_sgl(struct nvmet_req *req); void nvmet_req_free_sgl(struct nvmet_req *req); -- 2.20.1