Date: Sun, 14 Aug 2022 16:07:26 GMT
Message-Id: <202208141607.27EG7QOg062529@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: b6ecef28bfd7 - main - bhyve: Address uses of uninitialized variables in pci_nvme.c
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: b6ecef28bfd7c1c267442fae1c8f2fe0f699f617

The branch main has been updated by markj:

URL:
https://cgit.FreeBSD.org/src/commit/?id=b6ecef28bfd7c1c267442fae1c8f2fe0f699f617 commit b6ecef28bfd7c1c267442fae1c8f2fe0f699f617 Author: Mark Johnston AuthorDate: 2022-08-14 15:57:24 +0000 Commit: Mark Johnston CommitDate: 2022-08-14 15:59:01 +0000 bhyve: Address uses of uninitialized variables in pci_nvme.c The debug print in nvme_opc_get_log_page() would print an uninitialized local variable. In nvme_opc_write_read(), a failed LBA bounds check would cause pci_nvme_stats_write_read_update() to be called with an uninitialized variable as a parameter. Although the parameter is unused when the check fails (and so status != 0), LLVM 14 emits some bogus machine code in this path, which happens to result in a segfault when it gets executed. PR: 265749 Reviewed by: chuck, emaste MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36119 --- usr.sbin/bhyve/pci_nvme.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c index b832caa6f05d..38102beb0152 100644 --- a/usr.sbin/bhyve/pci_nvme.c +++ b/usr.sbin/bhyve/pci_nvme.c @@ -1418,9 +1418,7 @@ nvme_opc_get_log_page(struct pci_nvme_softc* sc, struct nvme_command* command, { uint64_t logoff; uint32_t logsize; - uint8_t logpage = command->cdw10 & 0xFF; - - DPRINTF("%s log page %u len %u", __func__, logpage, logsize); + uint8_t logpage; pci_nvme_status_genc(&compl->status, NVME_SC_SUCCESS); 
@@ -1428,10 +1426,13 @@ nvme_opc_get_log_page(struct pci_nvme_softc* sc, struct nvme_command* command, * Command specifies the number of dwords to return in fields NUMDU * and NUMDL. This is a zero-based value. */ + logpage = command->cdw10 & 0xFF; logsize = ((command->cdw11 << 16) | (command->cdw10 >> 16)) + 1; logsize *= sizeof(uint32_t); logoff = ((uint64_t)(command->cdw13) << 32) | command->cdw12; + DPRINTF("%s log page %u len %u", __func__, logpage, logsize); + switch (logpage) { case NVME_LOG_ERROR: if (logoff >= sizeof(sc->err_log)) { @@ -2507,6 +2508,12 @@ nvme_opc_write_read(struct pci_nvme_softc *sc, lba = ((uint64_t)cmd->cdw11 << 32) | cmd->cdw10; nblocks = (cmd->cdw12 & 0xFFFF) + 1; + bytes = nblocks << nvstore->sectsz_bits; + if (bytes > NVME_MAX_DATA_SIZE) { + WPRINTF("%s command would exceed MDTS", __func__); + pci_nvme_status_genc(status, NVME_SC_INVALID_FIELD); + goto out; + } if (pci_nvme_out_of_range(nvstore, lba, nblocks)) { WPRINTF("%s command would exceed LBA range(slba=%#lx nblocks=%#lx)", @@ -2515,13 +2522,6 @@ nvme_opc_write_read(struct pci_nvme_softc *sc, goto out; } - bytes = nblocks << nvstore->sectsz_bits; - if (bytes > NVME_MAX_DATA_SIZE) { - WPRINTF("%s command would exceed MDTS", __func__); - pci_nvme_status_genc(status, NVME_SC_INVALID_FIELD); - goto out; - } - offset = lba << nvstore->sectsz_bits; req->bytes = bytes;
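
Review bot: The logsize arithmetic in the second nvme_opc_get_log_page() hunk can wrap, and the relocated DPRINTF will now log the wrapped value. logsize is declared uint32_t and is built from guest-supplied cdw10/cdw11, so a NUMDU:NUMDL of all ones becomes 0 after the "+ 1", and the following "logsize *= sizeof(uint32_t);" truncates large counts. Consider computing the length in uint64_t, or clamping the dword count before the multiply, so that neither the debug output nor the switch cases that follow work with a wrapped size.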
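
Review bot: The fix in the first nvme_opc_write_read() hunk depends purely on statement order: bytes is valid on the error path only because "bytes = nblocks << nvstore->sectsz_bits;" now sits above every "goto out" visible here. Nothing prevents a later early exit from being added above that assignment, which would bring the uninitialized read back. Initializing bytes at its declaration, or adding a short comment above the assignment saying it must stay ahead of the first "goto out", would make the intent explicit.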
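
Review bot: Error precedence in nvme_opc_write_read() changes as a side effect of the last two hunks: with the MDTS check removed from below the pci_nvme_out_of_range() test and placed above it, a command that fails both validations now gets the "would exceed MDTS" warning and NVME_SC_INVALID_FIELD rather than the LBA-range result it got before. The commit message only describes the uninitialized variable. If the new precedence is intended, say so there; if not, keep the original order of the checks and hoist only the bytes assignment above pci_nvme_out_of_range().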