Author: chuck Date: Mon Jun 29 00:31:58 2020 New Revision: 362758 URL: https://svnweb.freebsd.org/changeset/base/362758
Log: bhyve: validate NVMe deallocate range values For NVMe emulation, validate the Data Set Management LBA ranges do not exceed the capacity of the backing storage. If they do, return an "LBA Out of Range" error. Fixes UNH Test 2.2.3 Tested by: Jason Tubnor MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D24893 Modified: head/usr.sbin/bhyve/pci_nvme.c Modified: head/usr.sbin/bhyve/pci_nvme.c ============================================================================== --- head/usr.sbin/bhyve/pci_nvme.c Mon Jun 29 00:31:54 2020 (r362757) +++ head/usr.sbin/bhyve/pci_nvme.c Mon Jun 29 00:31:58 2020 (r362758) @@ -1877,6 +1877,11 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc, nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, cmd->prp1, cmd->prp2, (uint8_t *)range, NVME_MAX_DSM_TRIM, NVME_COPY_FROM_PRP); + if ((range[0].starting_lba * sectsz) > nvstore->size) { + pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE); + goto out; + } + /* * If the request is for more than a single range, store * the ranges in the br_iov. Optimize for the common case @@ -1896,6 +1901,10 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc, struct iovec *iov = req->io_req.br_iov; for (r = 0; r <= nr; r++) { + if ((range[r].starting_lba * sectsz) > nvstore->size) { + pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE); + goto out; + } iov[r].iov_base = (void *)(range[r].starting_lba * sectsz); iov[r].iov_len = range[r].length * sectsz; } _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"