Commit 48e3d398 authored by Matthew Wilcox's avatar Matthew Wilcox

NVMe: Detect command IDs completing that are out of range

If the adapter completes a command ID that is outside the bounds of
the array, return CMD_CTX_INVALID instead of random data, and print a
message in the sync_completion handler (which is rapidly becoming the
misc completion handler :-)
Signed-off-by: default avatarMatthew Wilcox <matthew.r.wilcox@intel.com>
parent b36235df
...@@ -170,12 +170,15 @@ enum { ...@@ -170,12 +170,15 @@ enum {
#define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id) #define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id)
#define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE) #define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE)
#define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE) #define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE)
#define CMD_CTX_INVALID (0x2014 + CMD_CTX_BASE)
static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid) static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid)
{ {
unsigned long data; unsigned long data;
unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth); unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth);
if (cmdid > nvmeq->q_depth)
return CMD_CTX_INVALID;
data = nvmeq->cmdid_data[offset]; data = nvmeq->cmdid_data[offset];
nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED; nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED;
clear_bit(cmdid, nvmeq->cmdid_data); clear_bit(cmdid, nvmeq->cmdid_data);
...@@ -411,6 +414,12 @@ static void sync_completion(struct nvme_queue *nvmeq, void *ctx, ...@@ -411,6 +414,12 @@ static void sync_completion(struct nvme_queue *nvmeq, void *ctx,
cqe->command_id, le16_to_cpup(&cqe->sq_id)); cqe->command_id, le16_to_cpup(&cqe->sq_id));
return; return;
} }
if (unlikely((unsigned long)cmdinfo == CMD_CTX_INVALID)) {
dev_warn(nvmeq->q_dmadev,
"invalid id %d completed on queue %d\n",
cqe->command_id, le16_to_cpup(&cqe->sq_id));
return;
}
cmdinfo->result = le32_to_cpup(&cqe->result); cmdinfo->result = le32_to_cpup(&cqe->result);
cmdinfo->status = le16_to_cpup(&cqe->status) >> 1; cmdinfo->status = le16_to_cpup(&cqe->status) >> 1;
wake_up_process(cmdinfo->task); wake_up_process(cmdinfo->task);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment