Date: Sat, 29 Jan 2022 23:15:47 GMT
Message-Id: <202201292315.20TNFlwY008358@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Chuck Tuffli
Subject: git: 9d8cd04694d4 - main - bhyve nvme: Fix LBA out-of-range calculation
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: chuck
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9d8cd04694d47d48cc4003f8322739ba10fa8108

The branch main has been updated by chuck:

URL: https://cgit.FreeBSD.org/src/commit/?id=9d8cd04694d47d48cc4003f8322739ba10fa8108

commit
9d8cd04694d47d48cc4003f8322739ba10fa8108 Author: Chuck Tuffli AuthorDate: 2022-01-30 07:09:57 +0000 Commit: Chuck Tuffli CommitDate: 2022-01-30 07:09:57 +0000 bhyve nvme: Fix LBA out-of-range calculation The function which checks for a valid LBA range mistakenly named an input value as NLB ("Number of Logical Blocks") instead of "number of blocks". The NVMe specification defines NLB as a zero-based value (i.e. NLB=0x0 represents 1 block, 0x1 is 2 blocks, etc.), but the passed parameter is a 1's-based value. Fix is to rename the variable to avoid future confusion. While in the neighborhood, also check that the starting LBA is less than the size of the backing storage to avoid an integer overflow. Reviewed by: imp, allanjude, jhb Tested by: jason@tubnor.net MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D33575 --- usr.sbin/bhyve/pci_nvme.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c index ea3503bdbfc0..5ad7a0a59d65 100644 --- a/usr.sbin/bhyve/pci_nvme.c +++ b/usr.sbin/bhyve/pci_nvme.c @@ -2103,8 +2103,8 @@ pci_nvme_stats_write_read_update(struct pci_nvme_softc *sc, uint8_t opc, } /* - * Check if the combination of Starting LBA (slba) and Number of Logical - * Blocks (nlb) exceeds the range of the underlying storage. + * Check if the combination of Starting LBA (slba) and number of blocks + * exceeds the range of the underlying storage. * * Because NVMe specifies the SLBA in blocks as a uint64_t and blockif stores * the capacity in bytes as a uint64_t, care must be taken to avoid integer @@ -2112,7 +2112,7 @@ pci_nvme_stats_write_read_update(struct pci_nvme_softc *sc, uint8_t opc, */ static bool pci_nvme_out_of_range(struct pci_nvme_blockstore *nvstore, uint64_t slba, - uint32_t nlb) + uint32_t nblocks) { size_t offset, bytes; 
@@ -2121,10 +2121,10 @@ pci_nvme_out_of_range(struct pci_nvme_blockstore *nvstore, uint64_t slba, return (true); offset = slba << nvstore->sectsz_bits; - bytes = nlb << nvstore->sectsz_bits; + bytes = nblocks << nvstore->sectsz_bits; /* Overflow check of Number of Logical Blocks */ - if ((nvstore->size - offset) < bytes) + if ((nvstore->size <= offset) || ((nvstore->size - offset) < bytes)) return (true); return (false); @@ -2433,7 +2433,8 @@ nvme_opc_write_read(struct pci_nvme_softc *sc, nblocks = (cmd->cdw12 & 0xFFFF) + 1; if (pci_nvme_out_of_range(nvstore, lba, nblocks)) { - WPRINTF("%s command would exceed LBA range", __func__); + WPRINTF("%s command would exceed LBA range(slba=%#lx nblocks=%#lx)", + __func__, lba, nblocks); pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE); goto out; }
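Review bot: In the block comment above pci_nvme_out_of_range() (hunk at -2103), the new wording "number of blocks" does not say that the value is a 1's-based count, which is the distinction the rename exists to make. Consider adding a sentence to the comment stating that nblocks is the actual block count and not the zero-based NLB field from the command, so that a future caller does not pass the raw field.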
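Review bot: In the hunk at -2121, `bytes = nblocks << nvstore->sectsz_bits;` shifts a `uint32_t`, and in C the result of a shift has the type of the promoted left operand, so the shift is evaluated in 32 bits and only then widened to `size_t`. With the maximum of 0x10000 blocks that the caller in the last hunk can pass (`(cmd->cdw12 & 0xFFFF) + 1`), the value wraps once `sectsz_bits` reaches 16, and the range check would then see a byte count of 0. Consider `bytes = (size_t)nblocks << nvstore->sectsz_bits;`. The retained comment `/* Overflow check of Number of Logical Blocks */` also still uses the NLB wording this change moves away from and could say "number of blocks" instead.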
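Review bot: In the hunk at -2433, the new WPRINTF format uses `%#lx` for both `lba` and `nblocks`, whose declarations are outside the hunk; pci_nvme_out_of_range() receives them as `uint64_t` and `uint32_t`, and `%lx` is not a portable match for either. Consider casting both arguments to `uintmax_t` and printing with `%#jx`, or using `PRIx64` from <inttypes.h>. As a style point, the message reads better with a space before the parenthesis, i.e. "LBA range (slba=...".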