svn commit: r362758 - head/usr.sbin/bhyve
Chuck Tuffli
chuck at FreeBSD.org
Mon Jun 29 00:32:41 UTC 2020
Author: chuck
Date: Mon Jun 29 00:31:58 2020
New Revision: 362758
URL: https://svnweb.freebsd.org/changeset/base/362758
Log:
bhyve: validate NVMe deallocate range values
For NVMe emulation, validate the Data Set Management LBA ranges do not
exceed the capacity of the backing storage. If they do, return an "LBA
Out of Range" error.
Fixes UNH Test 2.2.3
Tested by: Jason Tubnor
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24893
Modified:
head/usr.sbin/bhyve/pci_nvme.c
Modified: head/usr.sbin/bhyve/pci_nvme.c
==============================================================================
--- head/usr.sbin/bhyve/pci_nvme.c Mon Jun 29 00:31:54 2020 (r362757)
+++ head/usr.sbin/bhyve/pci_nvme.c Mon Jun 29 00:31:58 2020 (r362758)
@@ -1877,6 +1877,11 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc,
nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, cmd->prp1, cmd->prp2,
(uint8_t *)range, NVME_MAX_DSM_TRIM, NVME_COPY_FROM_PRP);
+ if ((range[0].starting_lba * sectsz) > nvstore->size) {
+ pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE);
+ goto out;
+ }
+
/*
* If the request is for more than a single range, store
* the ranges in the br_iov. Optimize for the common case
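Review bot: The new check on range[0] tests only the starting LBA against nvstore->size, so a range that begins inside the backing store but whose starting_lba plus length runs past the end still passes. The log message says the ranges must not exceed the capacity, so the end of the range needs to be covered too. The range array has just been copied from guest memory by nvme_prp_memcpy(), and the product starting_lba * sectsz can wrap for a large enough starting_lba before the comparison is made. Comparing in LBA units against nvstore->size / sectsz, with length checked against what remains, avoids the multiplication. Also confirm that `>` rather than `>=` is intended, since a range starting exactly at nvstore->size is accepted as written.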
@@ -1896,6 +1901,10 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc,
struct iovec *iov = req->io_req.br_iov;
for (r = 0; r <= nr; r++) {
+ if ((range[r].starting_lba * sectsz) > nvstore->size) {
+ pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE);
+ goto out;
+ }
iov[r].iov_base = (void *)(range[r].starting_lba * sectsz);
iov[r].iov_len = range[r].length * sectsz;
}
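Review bot: In the loop, range[r].length * sectsz is stored into iov_len on the line after the new check without length being validated, so the per-range test has the same start-only gap as the earlier range[0] check. Because the loop starts at r = 0, range[0] is also tested a second time here. Suggest one small helper that validates both the start and the length of a given range, called from both places, so the two copies of the condition cannot drift apart.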