[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 01/11] hw/block/nvme: fix potential overflow
From: |
Klaus Jensen |
Subject: |
[PULL 01/11] hw/block/nvme: fix potential overflow |
Date: |
Tue, 16 Mar 2021 22:47:43 +0100 |
From: Klaus Jensen <k.jensen@samsung.com>
page_size is a uint32_t, and zasl is a uint8_t, so the expression
`page_size << zasl` is done using 32-bit arithmetic and might overflow.
Since we then compare this against a 64 bit data_size value, Coverity
complains that we might overflow unintentionally. An MDTS/ZASL value in
excess of 4GiB is probably impractical, but it is not entirely
unrealistic, so add a cast such that we handle that case properly.
Fixes: 578d914b263c ("hw/block/nvme: align zoned.zasl with mdts")
Fixes: CID 1450756
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index d439e44db839..0d9b980151ae 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2188,7 +2188,8 @@ static uint16_t nvme_do_write(NvmeCtrl *n, NvmeRequest
*req, bool append,
goto invalid;
}
- if (n->params.zasl && data_size > n->page_size << n->params.zasl) {
+ if (n->params.zasl &&
+ data_size > (uint64_t)n->page_size << n->params.zasl) {
trace_pci_nvme_err_zasl(data_size);
return NVME_INVALID_FIELD | NVME_DNR;
}
--
2.30.1
- [PULL 00/11] emulated nvme updates and fixes, Klaus Jensen, 2021/03/16
- [PULL 01/11] hw/block/nvme: fix potential overflow,
Klaus Jensen <=
- [PULL 02/11] hw/block/nvme: assert namespaces array indices, Klaus Jensen, 2021/03/16
- [PULL 03/11] hw/block/nvme: fix zone management receive reporting too many zones, Klaus Jensen, 2021/03/16
- [PULL 07/11] hw/block/nvme: add non-mdts command size limit for verify, Klaus Jensen, 2021/03/16
- [PULL 04/11] hw/block/nvme: add metadata support, Klaus Jensen, 2021/03/16
- [PULL 06/11] hw/block/nvme: add verify command, Klaus Jensen, 2021/03/16
- [PULL 05/11] hw/block/nvme: end-to-end data protection, Klaus Jensen, 2021/03/16
- [PULL 08/11] hw/block/nvme: support multiple lba formats, Klaus Jensen, 2021/03/16
- [PULL 09/11] hw/block/nvme: prefer runtime helpers instead of device parameters, Klaus Jensen, 2021/03/16
- [PULL 10/11] hw/block/nvme: pull lba format initialization, Klaus Jensen, 2021/03/16
- [PULL 11/11] hw/block/nvme: add support for the format nvm command, Klaus Jensen, 2021/03/16