Date:      Tue, 29 Nov 2022 01:10:55 GMT
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 1d9e8a9e6095 - main - bhyve: Don't leak uninitialized bits in NVMe completion statuses.
Message-ID:  <202211290110.2AT1Atdq045212@gitrepo.freebsd.org>

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=1d9e8a9e60953b148a036b39d1fe7037fdbb40a3

commit 1d9e8a9e60953b148a036b39d1fe7037fdbb40a3
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-11-29 01:08:36 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-11-29 01:08:36 +0000

    bhyve: Don't leak uninitialized bits in NVMe completion statuses.
    
    In some cases, some bits in the 16-bit status word were never
    initialized.
    
    Reported by:    GCC
    Reviewed by:    corvink, chuck, markj
    Differential Revision:  https://reviews.freebsd.org/D37486
---
 usr.sbin/bhyve/pci_nvme.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c
index 6572781e939c..98f4a7de72c8 100644
--- a/usr.sbin/bhyve/pci_nvme.c
+++ b/usr.sbin/bhyve/pci_nvme.c
@@ -1530,6 +1530,7 @@ nvme_opc_identify(struct pci_nvme_softc* sc, struct nvme_command* command,
 	DPRINTF("%s identify 0x%x nsid 0x%x", __func__,
 	        command->cdw10 & 0xFF, command->nsid);
 
+	status = 0;
 	pci_nvme_status_genc(&status, NVME_SC_SUCCESS);
 
 	switch (command->cdw10 & 0xFF) {
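Review bot: clearing status at the call site in nvme_opc_identify, directly before pci_nvme_status_genc(&status, NVME_SC_SUCCESS), suggests the helper does not write all 16 bits of the word, so every caller has to remember to zero it first. Consider moving the clear into pci_nvme_status_genc or a small wrapper so a new caller cannot reintroduce the leak, and check the callers outside the four functions touched here.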
@@ -2383,6 +2384,7 @@ pci_nvme_io_done(struct blockif_req *br, int err)
 
 	/* TODO return correct error */
 	code = err ? NVME_SC_DATA_TRANSFER_ERROR : NVME_SC_SUCCESS;
+	status = 0;
 	pci_nvme_status_genc(&status, code);
 
 	pci_nvme_set_completion(req->sc, sq, req->sqid, req->cid, status);
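Review bot: the new "status = 0;" in pci_nvme_io_done carries no comment, and sitting right above pci_nvme_status_genc(&status, code) it looks redundant enough that a later cleanup could drop it. Since status is handed straight to pci_nvme_set_completion and ends up in the completion entry the guest reads, a one-line comment saying the word must be fully initialized before pci_nvme_status_genc fills in the code would document why the assignment has to stay.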
@@ -2447,6 +2449,7 @@ nvme_write_read_ram(struct pci_nvme_softc *sc,
 	else
 		dir = NVME_COPY_FROM_PRP;
 
+	status = 0;
 	if (nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, prp1, prp2,
 	    buf + offset, bytes, dir))
 		pci_nvme_status_genc(&status,
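Review bot: in nvme_write_read_ram the only visible write to status after the new "status = 0;" is on the nvme_prp_memcpy failure branch, so if nothing past the end of this hunk sets it on the success path, the function now reports a bare 0 there. Confirm that is the intended success status, or set it explicitly with pci_nvme_status_genc(&status, NVME_SC_SUCCESS) in an else branch so both paths read the same way.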
@@ -2594,6 +2597,7 @@ pci_nvme_dealloc_sm(struct blockif_req *br, int err)
 	bool done = true;
 	uint16_t status;
 
+	status = 0;
 	if (err) {
 		pci_nvme_status_genc(&status, NVME_SC_INTERNAL_DEVICE_ERROR);
 	} else if ((req->prev_gpaddr + 1) == (req->prev_size)) {
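Review bot: in pci_nvme_dealloc_sm the declaration "uint16_t status;" is followed two lines later by "status = 0;", while the neighbouring declaration already uses an initializer ("bool done = true;"). Folding the clear into the declaration as "uint16_t status = 0;" keeps it next to the type and makes it harder for a later edit to the if/else chain to leave a branch without a defined value.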