svn commit: r363348 - stable/12/usr.sbin/bhyve
Chuck Tuffli
chuck at FreeBSD.org
Sun Jul 19 23:42:47 UTC 2020
Author: chuck
Date: Sun Jul 19 23:42:46 2020
New Revision: 363348
URL: https://svnweb.freebsd.org/changeset/base/363348
Log:
MFC r362758 bhyve: validate NVMe deallocate range values
Modified:
stable/12/usr.sbin/bhyve/pci_nvme.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/usr.sbin/bhyve/pci_nvme.c
==============================================================================
--- stable/12/usr.sbin/bhyve/pci_nvme.c Sun Jul 19 23:40:34 2020 (r363347)
+++ stable/12/usr.sbin/bhyve/pci_nvme.c Sun Jul 19 23:42:46 2020 (r363348)
@@ -1876,6 +1876,11 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc,
nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, cmd->prp1, cmd->prp2,
(uint8_t *)range, NVME_MAX_DSM_TRIM, NVME_COPY_FROM_PRP);
+ if ((range[0].starting_lba * sectsz) > nvstore->size) {
+ pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE);
+ goto out;
+ }
+
/*
* If the request is for more than a single range, store
* the ranges in the br_iov. Optimize for the common case
@@ -1895,6 +1900,10 @@ nvme_opc_dataset_mgmt(struct pci_nvme_softc *sc,
struct iovec *iov = req->io_req.br_iov;
for (r = 0; r <= nr; r++) {
+ if ((range[r].starting_lba * sectsz) > nvstore->size) {
+ pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE);
+ goto out;
+ }
iov[r].iov_base = (void *)(range[r].starting_lba * sectsz);
iov[r].iov_len = range[r].length * sectsz;
}
More information about the svn-src-all
mailing list