From f6f02911b608cf5d57fa037be11fc228f8430171 Mon Sep 17 00:00:00 2001 From: Chuck Tuffli Date: Mon, 29 Jun 2020 00:31:34 +0000 Subject: [PATCH] bhyve: fix NVMe Get Log Page command Fix the logic in nvme_opc_get_log_page to calculate the number of DWORDS (uint32_t) instead of WORDS (uint16_t) for the byte length. And only return the allowed number of Log Page bytes as determined by the user request and actual size of the requested log page. Fixes UNH Test 1.3 Tested by: Jason Tubnor MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D24885 --- usr.sbin/bhyve/pci_nvme.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/usr.sbin/bhyve/pci_nvme.c b/usr.sbin/bhyve/pci_nvme.c index a2d1ebdbb717..d72e6dfeca27 100644 --- a/usr.sbin/bhyve/pci_nvme.c +++ b/usr.sbin/bhyve/pci_nvme.c @@ -830,32 +830,42 @@ static int nvme_opc_get_log_page(struct pci_nvme_softc* sc, struct nvme_command* command, struct nvme_completion* compl) { - uint32_t logsize = (1 + ((command->cdw10 >> 16) & 0xFFF)) * 2; + uint32_t logsize; uint8_t logpage = command->cdw10 & 0xFF; DPRINTF("%s log page %u len %u", __func__, logpage, logsize); pci_nvme_status_genc(&compl->status, NVME_SC_SUCCESS); + /* + * Command specifies the number of dwords to return in fields NUMDU + * and NUMDL. This is a zero-based value. + */ + logsize = ((command->cdw11 << 16) | (command->cdw10 >> 16)) + 1; + logsize *= sizeof(uint32_t); + switch (logpage) { case NVME_LOG_ERROR: nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, command->prp1, - command->prp2, (uint8_t *)&sc->err_log, logsize, + command->prp2, (uint8_t *)&sc->err_log, + MIN(logsize, sizeof(sc->err_log)), NVME_COPY_TO_PRP); break; case NVME_LOG_HEALTH_INFORMATION: /* TODO: present some smart info */ nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, command->prp1, - command->prp2, (uint8_t *)&sc->health_log, logsize, + command->prp2, (uint8_t *)&sc->health_log, + MIN(logsize, sizeof(sc->health_log)), NVME_COPY_TO_PRP); break; case NVME_LOG_FIRMWARE_SLOT: nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, command->prp1, - command->prp2, (uint8_t *)&sc->fw_log, logsize, + command->prp2, (uint8_t *)&sc->fw_log, + MIN(logsize, sizeof(sc->fw_log)), NVME_COPY_TO_PRP); break; default: - WPRINTF("%s get log page %x command not supported", + DPRINTF("%s get log page %x command not supported", __func__, logpage); pci_nvme_status_tc(&compl->status, NVME_SCT_COMMAND_SPECIFIC,