From: Revanth Rajashekar revanth.rajashekar@intel.com
mainline inclusion from mainline-5.11-rc5 commit 4d6b1c95b974761c01cbad92321b82232b66d2a2 category: bugfix bugzilla: 167363 CVE: NA
---------------------------
According to NVMe spec v1.4, section 8.3.1, the PRINFO bit and the metadata size play a vital role in deteriming the host buffer size.
If PRIFNO bit is set and MS==8, the host doesn't add the metadata buffer, instead the controller adds it.
Signed-off-by: Revanth Rajashekar revanth.rajashekar@intel.com Signed-off-by: Christoph Hellwig hch@lst.de
Conflicts: drivers/nvme/host/core.c [ Cleanup patch ffc89b1d3ca4("nvme: introduce namespace features flag") is not applied. ]
Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com Reviewed-by: Hou Tao houtao1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/nvme/host/core.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 3ebc4b5e0e90f..aab3d9a950a5e 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1243,8 +1243,21 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) }
length = (io.nblocks + 1) << ns->lba_shift; - meta_len = (io.nblocks + 1) * ns->ms; - metadata = nvme_to_user_ptr(io.metadata); + + if ((io.control & NVME_RW_PRINFO_PRACT) && + ns->ms == sizeof(struct t10_pi_tuple)) { + /* + * Protection information is stripped/inserted by the + * controller. + */ + if (nvme_to_user_ptr(io.metadata)) + return -EINVAL; + meta_len = 0; + metadata = NULL; + } else { + meta_len = (io.nblocks + 1) * ns->ms; + metadata = nvme_to_user_ptr(io.metadata); + }
if (ns->ext) { length += meta_len;