]> asedeno.scripts.mit.edu Git - linux.git/commitdiff
projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d3d0bc7)
nvme-fc: rework the request initialization code
authorBart Van Assche <bvanassche@acm.org>
Mon, 8 Oct 2018 21:28:46 +0000 (14:28 -0700)
committerChristoph Hellwig <hch@lst.de>
Wed, 17 Oct 2018 06:58:29 +0000 (08:58 +0200)
Instead of setting and then clearing the first_sgl pointer for AEN requests,
leave that pointer zero. This patch does not change how requests are
initialized but avoids that Coverity reports the following complaint for
nvme_fc_init_aen_ops():

CID 1418400 (#1 of 1): Out-of-bounds access (OVERRUN)
4. overrun-buffer-val: Overrunning buffer pointed to by aen_op of 312 bytes by passing it to a function which accesses it at byte offset 312.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
drivers/nvme/host/fc.c patch | blob | history

diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
index fdadc9464f6f359449a849bcc7cbef79a39ce5d1..e52b9d3c0bd6cc22e1ac6b97736426267bb761f6 100644 (file)
--- a/drivers/nvme/host/fc.c
+++ b/drivers/nvme/host/fc.c
@@ -1704,7 +1704,6 @@ __nvme_fc_init_request(struct nvme_fc_ctrl *ctrl,
        op->fcp_req.rspaddr = &op->rsp_iu;
        op->fcp_req.rsplen = sizeof(op->rsp_iu);
        op->fcp_req.done = nvme_fc_fcpio_done;
-       op->fcp_req.first_sgl = &op_w_sgl->sgl[0];
        op->fcp_req.private = &op->fcp_req.first_sgl[SG_CHUNK_SIZE];
        op->ctrl = ctrl;
        op->queue = queue;
@@ -1746,9 +1745,14 @@ nvme_fc_init_request(struct blk_mq_tag_set *set, struct request *rq,
        struct nvme_fcp_op_w_sgl *op = blk_mq_rq_to_pdu(rq);
        int queue_idx = (set == &ctrl->tag_set) ? hctx_idx + 1 : 0;
        struct nvme_fc_queue *queue = &ctrl->queues[queue_idx];
+       int res;
 
        nvme_req(rq)->ctrl = &ctrl->ctrl;
-       return __nvme_fc_init_request(ctrl, queue, &op->op, rq, queue->rqcnt++);
+       res = __nvme_fc_init_request(ctrl, queue, &op->op, rq, queue->rqcnt++);
+       if (res)
+               return res;
+       op->op.fcp_req.first_sgl = &op->sgl[0];
+       return res;
 }
 
 static int
@@ -1778,7 +1782,6 @@ nvme_fc_init_aen_ops(struct nvme_fc_ctrl *ctrl)
                }
 
                aen_op->flags = FCOP_FLAGS_AEN;
-               aen_op->fcp_req.first_sgl = NULL; /* no sg list */
                aen_op->fcp_req.private = private;
 
                memset(sqe, 0, sizeof(*sqe));
local clone of linux.git