Page MenuHomeFreeBSD
Files F137072123

D24893.id.diff
No OneTemporary
Actions

D24893.id.diff
View Options

Index: head/usr.sbin/bhyve/pci_nvme.c
===================================================================
--- head/usr.sbin/bhyve/pci_nvme.c
+++ head/usr.sbin/bhyve/pci_nvme.c
@@ -1877,6 +1877,11 @@
nvme_prp_memcpy(sc->nsc_pi->pi_vmctx, cmd->prp1, cmd->prp2,
(uint8_t *)range, NVME_MAX_DSM_TRIM, NVME_COPY_FROM_PRP);
+ if ((range[0].starting_lba * sectsz) > nvstore->size) {
+ pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE);
+ goto out;
+ }
+
/*
* If the request is for more than a single range, store
* the ranges in the br_iov. Optimize for the common case
@@ -1896,6 +1901,10 @@
struct iovec *iov = req->io_req.br_iov;
for (r = 0; r <= nr; r++) {
+ if ((range[r].starting_lba * sectsz) > nvstore->size) {
+ pci_nvme_status_genc(status, NVME_SC_LBA_OUT_OF_RANGE);
+ goto out;
+ }
iov[r].iov_base = (void *)(range[r].starting_lba * sectsz);
iov[r].iov_len = range[r].length * sectsz;
}

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 22, 2:20 AM (8 h, 13 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25870836
Default Alt Text
D24893.id.diff (962 B)

Event Timeline