On Tue, Dec 08, 2020 at 09:33:39AM +0100, Klaus Jensen wrote:
> +static uint16_t nvme_copy(NvmeCtrl *n, NvmeRequest *req)
> +{
<snip>
> + for (i = 0; i < nr; i++) {
> + uint32_t _nlb = le16_to_cpu(range[i].nlb) + 1;
> + if (_nlb > le16_to_cpu(ns->id_ns.mssrl)) {
> + return NVME_CMD_SIZE_LIMIT | NVME_DNR;
> + }
> +
> + nlb += _nlb;
> + }
> +
> + if (nlb > le32_to_cpu(ns->id_ns.mcl)) {
> + return NVME_CMD_SIZE_LIMIT | NVME_DNR;
> + }
> +
> + bounce = bouncep = g_malloc(nvme_l2b(ns, nlb));
> +
> + for (i = 0; i < nr; i++) {
> + uint64_t slba = le64_to_cpu(range[i].slba);
> + uint32_t nlb = le16_to_cpu(range[i].nlb) + 1;
> +
> + status = nvme_check_bounds(ns, slba, nlb);
> + if (status) {
> + trace_pci_nvme_err_invalid_lba_range(slba, nlb, ns->id_ns.nsze);
> + goto free_bounce;
> + }
> +
> + if (NVME_ERR_REC_DULBE(ns->features.err_rec)) {
> + status = nvme_check_dulbe(ns, slba, nlb);
> + if (status) {
> + goto free_bounce;
> + }
> + }
> + }
Only comment I have is that these two for-loops look like they can be
collaped into one, which also simplifies how you account for the bounce
buffer when error'ing out.
