Date: Mon, 29 Aug 2022 15:01:18 GMT
Message-Id: <202208291501.27TF1IFG062390@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: b8e33d1abeae - stable/13 - bhyve: Address uses of uninitialized variables in pci_nvme.c
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by markj:

URL:
https://cgit.FreeBSD.org/src/commit/?id=b8e33d1abeae18c0441583f912ff9dc85c628180

commit b8e33d1abeae18c0441583f912ff9dc85c628180
Author:     Mark Johnston
AuthorDate: 2022-08-14 15:57:24 +0000
Commit:     Mark Johnston
CommitDate: 2022-08-29 15:01:01 +0000

    bhyve: Address uses of uninitialized variables in pci_nvme.c

    The debug print in nvme_opc_get_log_page() would print an uninitialized
    local variable.

    In nvme_opc_write_read(), a failed LBA bounds check would cause
    pci_nvme_stats_write_read_update() to be called with an uninitialized
    variable as a parameter. Although the parameter is unused when the
    check fails (and so status != 0), LLVM 14 emits some bogus machine code
    in this path, which happens to result in a segfault when it gets
    executed.

    PR: 265749
    Reviewed by: chuck, emaste
    Sponsored by: The FreeBSD Foundation

    (cherry picked from commit b6ecef28bfd7c1c267442fae1c8f2fe0f699f617)
---
 usr.sbin/bhyve/pci_nvme.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c index 6bed8ef8a731..98410b92039c 100644 --- a/usr.sbin/bhyve/pci_nvme.c +++ b/usr.sbin/bhyve/pci_nvme.c @@ -1386,9 +1386,7 @@ nvme_opc_get_log_page(struct pci_nvme_softc* sc, struct nvme_command* command, { uint64_t logoff; uint32_t logsize; - uint8_t logpage = command->cdw10 & 0xFF; - - DPRINTF("%s log page %u len %u", __func__, logpage, logsize); + uint8_t logpage; pci_nvme_status_genc(&compl->status, NVME_SC_SUCCESS); 
@@ -1396,10 +1394,13 @@ nvme_opc_get_log_page(struct pci_nvme_softc* sc, struct nvme_command* command, * Command specifies the number of dwords to return in fields NUMDU * and NUMDL. This is a zero-based value. */ + logpage = command->cdw10 & 0xFF; logsize = ((command->cdw11 << 16) | (command->cdw10 >> 16)) + 1; logsize *= sizeof(uint32_t); logoff = ((uint64_t)(command->cdw13) << 32) | command->cdw12; + DPRINTF("%s log page %u len %u", __func__, logpage, logsize); + switch (logpage) { case NVME_LOG_ERROR: if (logoff >= sizeof(sc->err_log)) { @@ -2460,6 +2461,12 @@ nvme_opc_write_read(struct pci_nvme_softc *sc, lba = ((uint64_t)cmd->cdw11 << 32) | cmd->cdw10; nblocks = (cmd->cdw12 & 0xFFFF) + 1; + bytes = nblocks << nvstore->sectsz_bits; + if (bytes > NVME_MAX_DATA_SIZE) { + WPRINTF("%s command would exceed MDTS", __func__); + pci_nvme_status_genc(status, NVME_SC_INVALID_FIELD); + goto out; + } if (pci_nvme_out_of_range(nvstore, lba, nblocks)) { WPRINTF("%s command would exceed LBA range(slba=%#lx nblocks=%#lx)", @@ -2468,13 +2475,6 @@ nvme_opc_write_read(struct pci_nvme_softc *sc, goto out; } - bytes = nblocks << nvstore->sectsz_bits; - if (bytes > NVME_MAX_DATA_SIZE) { - WPRINTF("%s command would exceed MDTS", __func__); - pci_nvme_status_genc(status, NVME_SC_INVALID_FIELD); - goto out; - } - offset = lba << nvstore->sectsz_bits; req->bytes = bytes;
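
Review bot: In nvme_opc_get_log_page(), the relocated DPRINTF prints logsize after the `+ 1` and the `logsize *= sizeof(uint32_t)` step, and logsize is declared uint32_t, so a NUMDU/NUMDL value near the top of its range is logged as a small wrapped length rather than what the guest requested. If that wrap is not rejected further down (not visible in this hunk), consider computing the length in a uint64_t as is done for logoff, or at least logging the raw dword count alongside the byte length.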
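
Review bot: The MDTS check now placed ahead of pci_nvme_out_of_range() in nvme_opc_write_read() carries no comment saying that bytes has to be assigned before the first `goto out`, which per the commit message is the whole reason for the reorder. A later early exit added above `bytes = nblocks << nvstore->sectsz_bits;` would bring the uninitialized argument back; either initialize bytes where it is declared or add a one-line comment at the assignment stating that the out path passes it on.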
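
Review bot: With the MDTS block removed from below the LBA range check in nvme_opc_write_read(), a command that fails both checks now completes with NVME_SC_INVALID_FIELD instead of the status set in the range branch, and the commit message does not mention that change in precedence. A sentence in the log or a comment confirming the ordering is intentional would help; the MDTS WPRINTF could also print nblocks and bytes, the way the range warning prints slba and nblocks.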