d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure that the passthrough request will fit in MAXPHYS bytes after it

Browse Source 
has been rounded to full pages. This avoids a panic in
vm_fault_quick_hold_pages due to this off-by-one error passing one
page too many into vmapbuf.
This commit is contained in:
imp 2017-02-02 23:04:06 +00:00
parent d10af717dd
commit 65771dd345
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/dev/nvme/nvme_ctrlr.c
View File

@ -874,8 +874,20 @@ nvme_ctrlr_passthrough_cmd(struct nvme_controller *ctrlr,
struct mtx *mtx;
struct buf *buf = NULL;
int ret = 0;
vm_offset_t addr, end;
if (pt->len > 0) {
/*
* vmapbuf calls vm_fault_quick_hold_pages which only maps full
* pages. Ensure this request has fewer than MAXPHYS bytes when
* extended to full pages.
*/
addr = (vm_offset_t)pt->buf;
end = round_page(addr + pt->len);
addr = trunc_page(addr);
if (end - addr > MAXPHYS)
return EIO;
if (pt->len > ctrlr->max_xfer_size) {
nvme_printf(ctrlr, "pt->len (%d) "
"exceeds max_xfer_size (%d)\n", pt->len,