The nvme_execute_identify_ns_nvm function uses ZERO_PAGE for copying SG list with all zeros. As ZERO_PAGE would not necessarily return the virtual-address of the zero page, we need to first convert the page address to kernel virtual- address and then use it as source address for copying the data to SG list with all zeros. Using return address of ZERO_PAGE(0) as source address for copying data to SG list would fill the target buffer with random value and causes the undesired side effect. This patch implements the fix ensuring that we use virtual-address of the zero page for copying all zeros to the SG list buffers. Link: https://lore.kernel.org/all/CAHj4cs8OVyxmn4XTvA=y4uQ3qWpdw-x3M3FSUYr-KpE-nhaFEA@xxxxxxxxxxxxxx/ Fixes: 64a51080eaba ("nvmet: implement id ns for nvm command set") [nilay: Use page_to_virt() for converting ZERO_PAGE address to virtual-address as suggested by Maurizio Lombardi] Signed-off-by: Nilay Shroff <nilay@xxxxxxxxxxxxx> --- drivers/nvme/target/admin-cmd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c index 934b401fbc2f..a2b0444f28ab 100644 --- a/drivers/nvme/target/admin-cmd.c +++ b/drivers/nvme/target/admin-cmd.c @@ -901,12 +901,14 @@ static void nvmet_execute_identify_ctrl_nvm(struct nvmet_req *req) static void nvme_execute_identify_ns_nvm(struct nvmet_req *req) { u16 status; + void *zero_buf; status = nvmet_req_find_ns(req); if (status) goto out; - status = nvmet_copy_to_sgl(req, 0, ZERO_PAGE(0), + zero_buf = page_to_virt(ZERO_PAGE(0)); + status = nvmet_copy_to_sgl(req, 0, zero_buf, NVME_IDENTIFY_DATA_SIZE); out: nvmet_req_complete(req, status); -- 2.45.2
