NVMe: Detect command IDs completing that are out of range
If the adapter completes a command ID that is outside the bounds of the array, return CMD_CTX_INVALID instead of random data, and print a message in the sync_completion handler (which is rapidly becoming the misc completion handler :-) Signed-off-by: Matthew Wilcox <matthew.r.wilcox@intel.com>
This commit is contained in:
parent
b36235df01
commit
48e3d39816
@ -170,12 +170,15 @@ enum {
|
||||
#define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id)
|
||||
#define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE)
|
||||
#define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE)
|
||||
#define CMD_CTX_INVALID (0x2014 + CMD_CTX_BASE)
|
||||
|
||||
static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid)
|
||||
{
|
||||
unsigned long data;
|
||||
unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth);
|
||||
|
||||
if (cmdid > nvmeq->q_depth)
|
||||
return CMD_CTX_INVALID;
|
||||
data = nvmeq->cmdid_data[offset];
|
||||
nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED;
|
||||
clear_bit(cmdid, nvmeq->cmdid_data);
|
||||
@ -411,6 +414,12 @@ static void sync_completion(struct nvme_queue *nvmeq, void *ctx,
|
||||
cqe->command_id, le16_to_cpup(&cqe->sq_id));
|
||||
return;
|
||||
}
|
||||
if (unlikely((unsigned long)cmdinfo == CMD_CTX_INVALID)) {
|
||||
dev_warn(nvmeq->q_dmadev,
|
||||
"invalid id %d completed on queue %d\n",
|
||||
cqe->command_id, le16_to_cpup(&cqe->sq_id));
|
||||
return;
|
||||
}
|
||||
cmdinfo->result = le32_to_cpup(&cqe->result);
|
||||
cmdinfo->status = le16_to_cpup(&cqe->status) >> 1;
|
||||
wake_up_process(cmdinfo->task);
|
||||
|
Loading…
Reference in New Issue
Block a user