[PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid

Vladimir Sementsov-Ogievskiy posted 12 patches 1 year, 1 month ago
Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Fam Zheng <fam@euphon.net>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Peter Xu <peterx@redhat.com>, Jason Wang <jasowang@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Richard Henderson <richard.henderson@linaro.org>, Eduardo Habkost <eduardo@habkost.net>, "Daniel P. Berrangé" <berrange@redhat.com>, Alistair Francis <alistair.francis@wdc.com>, David Gibson <david@gibson.dropbear.id.au>
There is a newer version of this series
[PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid
Posted by Vladimir Sementsov-Ogievskiy 1 year, 1 month ago
NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than
NVME_QUEUE_SIZE by 1.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
---
 block/nvme.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/block/nvme.c b/block/nvme.c
index b6e95f0b7e..7f11ce1d46 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -416,9 +416,9 @@ static bool nvme_process_completion(NVMeQueuePair *q)
             q->cq_phase = !q->cq_phase;
         }
         cid = le16_to_cpu(c->cid);
-        if (cid == 0 || cid > NVME_QUEUE_SIZE) {
-            warn_report("NVMe: Unexpected CID in completion queue: %"PRIu32", "
-                        "queue size: %u", cid, NVME_QUEUE_SIZE);
+        if (cid == 0 || cid > NVME_NUM_REQS) {
+            warn_report("NVMe: Unexpected CID in completion queue: %" PRIu32
+                        ", should be within is: 1..%u", cid, NVME_NUM_REQS);
             continue;
         }
         trace_nvme_complete_command(s, q->index, cid);
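Review bot: the warning string in the `+` lines, `", should be within is: 1..%u"`, carries a stray "is"; suggest `", should be within 1..%u"` (or `"expected 1..%u"`) so the message reads cleanly. The bound change itself deserves a sentence in the commit message: per the description reqs holds NVME_NUM_REQS entries, one fewer than NVME_QUEUE_SIZE, so the old `cid > NVME_QUEUE_SIZE` test accepted cid == NVME_QUEUE_SIZE, one past the last valid slot, and since cid comes from the device's completion entry that is an out-of-bounds index on untrusted input rather than a cosmetic limit; saying so makes the fix's purpose clear to backporters.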
-- 
2.34.1
Re: [PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid
Posted by Peter Maydell 1 year, 1 month ago
On Mon, 25 Sept 2023 at 20:42, Vladimir Sementsov-Ogievskiy
<vsementsov@yandex-team.ru> wrote:
>
> NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than
> NVME_QUEUE_SIZE by 1.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
> ---
>  block/nvme.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/block/nvme.c b/block/nvme.c
> index b6e95f0b7e..7f11ce1d46 100644
> --- a/block/nvme.c
> +++ b/block/nvme.c
> @@ -416,9 +416,9 @@ static bool nvme_process_completion(NVMeQueuePair *q)
>              q->cq_phase = !q->cq_phase;
>          }
>          cid = le16_to_cpu(c->cid);
> -        if (cid == 0 || cid > NVME_QUEUE_SIZE) {
> -            warn_report("NVMe: Unexpected CID in completion queue: %"PRIu32", "
> -                        "queue size: %u", cid, NVME_QUEUE_SIZE);
> +        if (cid == 0 || cid > NVME_NUM_REQS) {
> +            warn_report("NVMe: Unexpected CID in completion queue: %" PRIu32
> +                        ", should be within is: 1..%u", cid, NVME_NUM_REQS);
>              continue;
>          }
>          trace_nvme_complete_command(s, q->index, cid);

A slightly different patch for this one was sent to the list back in 2020 but
apparently fell through the cracks:

https://patchew.org/QEMU/20201208144452.91172-1-alex.chen@huawei.com/

-- PMM
Re: [PATCH 08/12] block/nvme: nvme_process_completion() fix bound for cid
Posted by Michael Tokarev 1 year, 1 month ago
25.09.2023 22:40, Vladimir Sementsov-Ogievskiy wrote:
> NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than
> NVME_QUEUE_SIZE by 1.

> +        if (cid == 0 || cid > NVME_NUM_REQS) {
> +            warn_report("NVMe: Unexpected CID in completion queue: %" PRIu32
> +                        ", should be within is: 1..%u", cid, NVME_NUM_REQS);

  - is: I guess :)

/mjt