From: Chuck Tuffli
Date: Mon, 21 Feb 2022 21:58:02 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 541ff74584e1 - stable/13 - bhyve nvme: Fix LBA out-of-range calculation
Message-Id: <202202212158.21LLw2B7052237@gitrepo.freebsd.org>
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by chuck:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=541ff74584e13c4543bb096915a3a39b57834b24 commit 541ff74584e13c4543bb096915a3a39b57834b24 Author: Chuck Tuffli AuthorDate: 2022-01-30 07:09:57 +0000 Commit: Chuck Tuffli CommitDate: 2022-02-22 03:27:47 +0000 bhyve nvme: Fix LBA out-of-range calculation The function which checks for a valid LBA range mistakenly named an input value as NLB ("Number of Logical Blocks") instead of "number of blocks". The NVMe specification defines NLB as a zero-based value (i.e. NLB=0x0 represents 1 block, 0x1 is 2 blocks, etc.), but the passed parameter is a 1's-based value. Fix is to rename the variable to avoid future confusion. While in the neighborhood, also check that the starting LBA is less than the size of the backing storage to avoid an integer overflow. (cherry picked from commit 9d8cd04694d47d48cc4003f8322739ba10fa8108) --- usr.sbin/bhyve/pci_nvme.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c index aff881bd5056..66ca3dcdf38e 100644 --- a/usr.sbin/bhyve/pci_nvme.c +++ b/usr.sbin/bhyve/pci_nvme.c @@ -2103,8 +2103,8 @@ pci_nvme_stats_write_read_update(struct pci_nvme_softc *sc, uint8_t opc, } /* - * Check if the combination of Starting LBA (slba) and Number of Logical - * Blocks (nlb) exceeds the range of the underlying storage. + * Check if the combination of Starting LBA (slba) and number of blocks + * exceeds the range of the underlying storage. * * Because NVMe specifies the SLBA in blocks as a uint64_t and blockif stores * the capacity in bytes as a uint64_t, care must be taken to avoid integer @@ -2112,7 +2112,7 @@ pci_nvme_stats_write_read_update(struct pci_nvme_softc *sc, uint8_t opc, */ static bool pci_nvme_out_of_range(struct pci_nvme_blockstore *nvstore, uint64_t slba, - uint32_t nlb) + uint32_t nblocks) { size_t offset, bytes; 
@@ -2121,10 +2121,10 @@ pci_nvme_out_of_range(struct pci_nvme_blockstore *nvstore, uint64_t slba, return (true); offset = slba << nvstore->sectsz_bits; - bytes = nlb << nvstore->sectsz_bits; + bytes = nblocks << nvstore->sectsz_bits; /* Overflow check of Number of Logical Blocks */ - if ((nvstore->size - offset) < bytes) + if ((nvstore->size <= offset) || ((nvstore->size - offset) < bytes)) return (true); return (false); @@ -2433,7 +2433,8 @@ nvme_opc_write_read(struct pci_nvme_softc *sc, nblocks = (cmd->cdw12 & 0xFFFF) + 1; if (pci_nvme_out_of_range(nvstore, lba, nblocks)) { - WPRINTF("%s command would exceed LBA range", __func__); + WPRINTF("%s command would exceed LBA range(slba=%#lx nblocks=%#lx)", + __func__, lba, nblocks); pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE); goto out; }
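Review bot: In the first hunk, the reworded header comment of pci_nvme_out_of_range() says only "number of blocks" and does not document that the parameter is a real block count rather than the zero-based NLB field, which is the distinction the commit message gives as the reason for the rename. Suggest spelling it out in the comment, for example "nblocks is the actual number of blocks (NLB + 1), not the zero-based NLB value from the command", so that a later caller does not pass the raw cdw12 field through unchanged.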
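Review bot: In the second hunk, `bytes = nblocks << nvstore->sectsz_bits;` shifts a uint32_t, so the result is computed in 32 bits and only then widened into the size_t `bytes`; a large enough nblocks would lose its high bits, and the range check that follows would compare against a byte count that is too small. The write/read caller in this patch limits nblocks to 0x10000, but the helper should not depend on that: suggest `bytes = (size_t)nblocks << nvstore->sectsz_bits;`. The unchanged comment "Overflow check of Number of Logical Blocks" also still uses the NLB wording this commit is moving away from and could be updated in the same change.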
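Review bot: In the third hunk, the new WPRINTF uses `%#lx` for both lba and nblocks, but the declarations of those variables are not visible here and the callee takes them as uint64_t and uint32_t, neither of which is guaranteed to match unsigned long. Suggest `%#jx` with `(uintmax_t)` casts on both arguments (or the PRIx64 macros) so the format is correct regardless of the platform's long width. Minor style point in the same line: "LBA range(slba=" is missing a space before the parenthesis.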