Re: [PATCH] nvme: remove bogus check in nvme_pr_read_keys()

Next message: Shuah Khan: "Re: [PATCH v3 3/4] cpupower-frequency-info.1: document --boost and --epp options"
Previous message: Kees Cook: "[PATCH] xfs: Replace strncpy() with strscpy_pad() in tracepoint error paths"
In reply to: Dan Carpenter: "[PATCH] nvme: remove bogus check in nvme_pr_read_keys()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Keith Busch

Date: Mon Mar 23 2026 - 14:34:34 EST

On Sat, Mar 21, 2026 at 01:26:25PM +0300, Dan Carpenter wrote:
> This check for if (rse_len > U32_MAX) is confusing because if
> rse_len is > INT_MAX, that will trigger a WARN() in kvzalloc().
> Fortunately, the caller blkdev_pr_read_keys(), puts a limit on num_keys.
> The number of keys can't be more than PR_KEYS_MAX (65536) and the
> condition is impossible.

There's actually two callers: blkdev_pr_read_keys() ensures the number of
keys is smaller than 65536 and iblock_pr_read_keys() is a fixed size at
16. But begs the question, what guarantee does nvme_pr_read_keys() have
that all the callers validated the number of keys such that it can
bravely skip checking it? I think nvme should validate that it's a
reasonable value before calling kvalloc so we return an apporpriate
EINVAL instead of ENOMEM. The existing UINT_MAX check is certainly far
too high, but I think something like a 4MB payload would be a totally
reasonable upper limit for nvme on this function.