The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=3b700550004c7d3b848c68e4a7742898f9f98b45
commit 3b700550004c7d3b848c68e4a7742898f9f98b45 Author: John Baldwin <[email protected]> AuthorDate: 2022-11-29 01:08:36 +0000 Commit: John Baldwin <[email protected]> CommitDate: 2023-01-26 20:23:47 +0000 bhyve: Don't leak uninitialized bits in NVMe completion statuses. In some cases, some bits in the 16-bit status word were never initialized. Reported by: GCC Reviewed by: corvink, chuck, markj Differential Revision: https://reviews.freebsd.org/D37486 (cherry picked from commit 1d9e8a9e60953b148a036b39d1fe7037fdbb40a3) --- usr.sbin/bhyve/pci_nvme.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c index 6572781e939c..98f4a7de72c8 100644 --- a/usr.sbin/bhyve/pci_nvme.c +++ b/usr.sbin/bhyve/pci_nvme.c @@ -1530,6 +1530,7 @@ nvme_opc_identify(struct pci_nvme_softc* sc, struct nvme_command* command, DPRINTF("%s identify 0x%x nsid 0x%x", __func__, command->cdw10 & 0xFF, command->nsid); + status = 0; pci_nvme_status_genc(&status, NVME_SC_SUCCESS); switch (command->cdw10 & 0xFF) { @@ -2383,6 +2384,7 @@ pci_nvme_io_done(struct blockif_req *br, int err) /* TODO return correct error */ code = err ? NVME_SC_DATA_TRANSFER_ERROR : NVME_SC_SUCCESS; + status = 0; pci_nvme_status_genc(&status, code); pci_nvme_set_completion(req->sc, sq, req->sqid, req->cid, status); @@ -2447,6 +2449,7 @@ nvme_write_read_ram(struct pci_nvme_softc *sc, else dir = NVME_COPY_FROM_PRP; + status = 0; if (nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, prp1, prp2, buf + offset, bytes, dir)) pci_nvme_status_genc(&status, @@ -2594,6 +2597,7 @@ pci_nvme_dealloc_sm(struct blockif_req *br, int err) bool done = true; uint16_t status; + status = 0; if (err) { pci_nvme_status_genc(&status, NVME_SC_INTERNAL_DEVICE_ERROR); } else if ((req->prev_gpaddr + 1) == (req->prev_size)) {
