Date: Mon, 29 Jun 2020 00:31:58 +0000 (UTC)
From: Chuck Tuffli <chuck@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r362758 - head/usr.sbin/bhyve
Message-ID: <202006290031.05T0VwS7049825@repo.freebsd.org>
Author: chuck Date: Mon Jun 29 00:31:58 2020 New Revision: 362758 URL: https://svnweb.freebsd.org/changeset/base/362758 Log: bhyve: validate NVMe deallocate range values For NVMe emulation, validate the Data Set Management LBA ranges do not exceed the capacity of the backing storage. If they do, return an "LBA Out of Range" error. Fixes UNH Test 2.2.3 Tested by: Jason Tubnor MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D24893 Modified: head/usr.sbin/bhyve/pci_nvme.c Modified: head/usr.sbin/bhyve/pci_nvme.c ============================================================================== --- head/usr.sbin/bhyve/pci_nvme.c Mon Jun 29 00:31:54 2020 (r362757) +++ head/usr.sbin/bhyve/pci_nvme.c Mon Jun 29 00:31:58 2020 (r362758) @@ -1877,6 +1877,11 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc, nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, cmd->prp1, cmd->prp2, (uint8_t *)range, NVME_MAX_DSM_TRIM, NVME_COPY_FROM_PRP); + if ((range[0].starting_lba * sectsz) > nvstore->size) { + pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE); + goto out; + } + /* * If the request is for more than a single range, store * the ranges in the br_iov. Optimize for the common case @@ -1896,6 +1901,10 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc, struct iovec *iov = req->io_req.br_iov; for (r = 0; r <= nr; r++) { + if ((range[r].starting_lba * sectsz) > nvstore->size) { + pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE); + goto out; + } iov[r].iov_base = (void *)(range[r].starting_lba * sectsz); iov[r].iov_len = range[r].length * sectsz; }
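Review bot: In the first hunk (@@ -1877), the new test `(range[0].starting_lba * sectsz) > nvstore->size` multiplies a value just copied from guest memory by nvme_prp_memcpy() before comparing it, so a large enough starting_lba can wrap the product to a small number and pass the check. Comparing in LBA units avoids the multiplication, for example `range[0].starting_lba >= nvstore->size / sectsz`. The `>` also accepts a start offset exactly equal to nvstore->size, which is already one past the last valid byte; `>=` looks like the intended bound unless zero-length ranges at the end of the store are meant to succeed, in which case a comment saying so would help.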
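Review bot: In the second hunk (@@ -1896), the in-loop check covers only range[r].starting_lba, while the very next lines set `iov[r].iov_len = range[r].length * sectsz` with no bound, so a range that starts inside the backing store but extends past its end is still passed through, which does not match the log message's "LBA ranges do not exceed the capacity". Suggest checking start and length together, e.g. reject when starting_lba >= size / sectsz or length > size / sectsz - starting_lba. Since the loop starts at r = 0, range[0] is now validated twice (here and in the first hunk); a small helper called from both places would keep the two checks from drifting apart.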