Re: [PATCH 1/2] nvme: fix memory corruption for passthrough metadata

On Fri, Aug 11, 2023 at 10:57:36AM -0600, Keith Busch wrote:
On Fri, Aug 11, 2023 at 09:29:05PM +0530, Kanchan Joshi wrote:
+static bool nvme_validate_passthru_meta(struct nvme_ctrl *ctrl,
+					struct nvme_ns *ns,
+					struct nvme_command *c,
+					__u64 meta, __u32 meta_len)
+{
+	/*
+	 * User may specify smaller meta-buffer with a larger data-buffer.
+	 * Driver allocated meta buffer will also be small.
+	 * Device can do larger dma into that, overwriting unrelated kernel
+	 * memory.
+	 */
+	if (ns && (meta_len || meta)) {
+		u16 nlb = lower_16_bits(le32_to_cpu(c->common.cdw12));
+
+		if (meta_len != (nlb + 1) * ns->ms) {
+			dev_err(ctrl->device,
+			"%s: metadata length does not match!\n", current->comm);
+			return false;
+		}
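
Review bot: at `u16 nlb = lower_16_bits(le32_to_cpu(c->common.cdw12));` the low 16 bits of cdw12 are read as a block count for every passthrough command that reaches this helper, with no opcode check in the visible lines. A command whose cdw12 carries something other than NLB would then be accepted or rejected on an unrelated value, so the length comparison should be limited to opcodes where that field is defined as NLB. Separately, the `dev_err()` on mismatch is reachable from user-supplied values and is not rate limited; `dev_err_ratelimited()` would keep a looping caller from flooding the log.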

Don't you need to check the command PRINFO PRACT bit to know if metadata
length is stripped/generated on the controller side?

Good point. Will add that check in v2.




