nvme-cli: prevent resv action field overflow

author Austin J Eberle <ajeberle@us.ibm.com>

Tue, 25 Sep 2018 22:45:58 +0000 (16:45 -0600)

committer Keith Busch <keith.busch@intel.com>

Tue, 25 Sep 2018 22:45:58 +0000 (16:45 -0600)
author Austin J Eberle <ajeberle@us.ibm.com>
Tue, 25 Sep 2018 22:45:58 +0000 (16:45 -0600)
committer Keith Busch <keith.busch@intel.com>
Tue, 25 Sep 2018 22:45:58 +0000 (16:45 -0600)
diff --git a/nvme-ioctl.c b/nvme-ioctl.c

index 2a8012cfe665ffba206969b9dc68f27b00f4f8b0..15d051929e63c2dfcf562bb2532ee996514c5260 100644 (file)
--- a/nvme-ioctl.c
+++ b/nvme-ioctl.c
@@ -267,7 +267,7 @@ int nvme_resv_acquire(int fd, __u32 nsid, __u8 rtype, __u8 racqa,
                       bool iekey, __u64 crkey, __u64 nrkey)
  {
         __le64 payload[2] = { cpu_to_le64(crkey), cpu_to_le64(nrkey) };
-       __u32 cdw10 = racqa | (iekey ? 1 << 3 : 0) | rtype << 8;
+       __u32 cdw10 = (racqa & 0x7) | (iekey ? 1 << 3 : 0) | rtype << 8;
         struct nvme_passthru_cmd cmd = {
                 .opcode         = nvme_cmd_resv_acquire,
                 .nsid           = nsid,
@@ -283,7 +283,7 @@ int nvme_resv_register(int fd, __u32 nsid, __u8 rrega, __u8 cptpl,
                        bool iekey, __u64 crkey, __u64 nrkey)
  {
         __le64 payload[2] = { cpu_to_le64(crkey), cpu_to_le64(nrkey) };
-       __u32 cdw10 = rrega | (iekey ? 1 << 3 : 0) | cptpl << 30;
+       __u32 cdw10 = (rrega & 0x7) | (iekey ? 1 << 3 : 0) | cptpl << 30;
  
         struct nvme_passthru_cmd cmd = {
                 .opcode         = nvme_cmd_resv_register,
@@ -300,7 +300,7 @@ int nvme_resv_release(int fd, __u32 nsid, __u8 rtype, __u8 rrela,
                       bool iekey, __u64 crkey)
  {
         __le64 payload[1] = { cpu_to_le64(crkey) };
-       __u32 cdw10 = rrela | (iekey ? 1 << 3 : 0) | rtype << 8;
+       __u32 cdw10 = (rrela & 0x7) | (iekey ? 1 << 3 : 0) | rtype << 8;
  
         struct nvme_passthru_cmd cmd = {
                 .opcode         = nvme_cmd_resv_release,
diff --git a/nvme.c b/nvme.c

index 1e9359a25c050154750d7ec4eadc04034a2219e8..2432529387ce33af8347cb2bc9a34dc781d4e9d6 100644 (file)
--- a/nvme.c
+++ b/nvme.c
@@ -3724,6 +3724,12 @@ static int resv_register(int argc, char **argv, struct command *cmd, struct plug
                 goto close_fd;
         }
  
+       if (cfg.rrega > 7) {
+               fprintf(stderr, "invalid rrega:%d\n", cfg.rrega);
+               err = EINVAL;
+               goto close_fd;
+       }
+
         err = nvme_resv_register(fd, cfg.namespace_id, cfg.rrega, cfg.cptpl,
                                 !!cfg.iekey, cfg.crkey, cfg.nrkey);
         if (err < 0)
author	Austin J Eberle <ajeberle@us.ibm.com>
	Tue, 25 Sep 2018 22:45:58 +0000 (16:45 -0600)
committer	Keith Busch <keith.busch@intel.com>
	Tue, 25 Sep 2018 22:45:58 +0000 (16:45 -0600)
nvme-ioctl.c		patch \| blob \| history
nvme.c		patch \| blob \| history