Re: [PATCH v3] nvme: core: reject invalid LBA data size from Identify Namespace
From: John Garry
Date: Tue Jun 02 2026 - 09:11:58 EST
On 15/05/2026 19:58, Chao Shi wrote:
+ if (id->lbaf[lbaf].ds < SECTOR_SHIFT ||> + check_shl_overflow(le64_to_cpu(id->nsze),> + id->lbaf[lbaf].ds - SECTOR_SHIFT,
+ &capacity)) {
+ dev_warn_once(ns->ctrl->device,
+ "invalid LBA data size %u, skipping namespace\n",
+ id->lbaf[lbaf].ds);
+ ret = -ENODEV;
+ goto out;
+ }
JFYI, this is giving a C=1 warning:
drivers/nvme/host/core.c:2411:13: warning: unsigned value that used to
be signed checked against zero?
drivers/nvme/host/core.c:2411:13: signed value source
I can't seem to quieten it myself, though.
BTW, I would have thought that check_shl_overflow would catch id->lbaf[lbaf].ds < SECTOR_SHIFT (so that we don't need the extra check).