[3/5] nvme: fix max_segments integer truncation

Message ID	1456938434-20387-4-git-send-email-hch@lst.de (mailing list archive)
State	Accepted, archived
Delegated to:	Jens Axboe
Headers	show Return-Path: <linux-block-owner@kernel.org> From: Christoph Hellwig <hch@lst.de> To: axboe@fb.com, keith.busch@intel.com Cc: Jeff.Lien@hgst.com, linux-nvme@lists.infradead.org, linux-block@vger.kernel.org Subject: [PATCH 3/5] nvme: fix max_segments integer truncation Date: Wed, 2 Mar 2016 18:07:12 +0100 Message-Id: <1456938434-20387-4-git-send-email-hch@lst.de> In-Reply-To: <1456938434-20387-1-git-send-email-hch@lst.de> References: <1456938434-20387-1-git-send-email-hch@lst.de> Sender: linux-block-owner@vger.kernel.org Precedence: bulk

Message ID

1456938434-20387-4-git-send-email-hch@lst.de (mailing list archive)

State

Accepted, archived

Delegated to:

Jens Axboe

Headers

From: Christoph Hellwig <hch@lst.de>
To: axboe@fb.com, keith.busch@intel.com
Cc: Jeff.Lien@hgst.com, linux-nvme@lists.infradead.org,
	linux-block@vger.kernel.org
Subject: [PATCH 3/5] nvme: fix max_segments integer truncation
Date: Wed,  2 Mar 2016 18:07:12 +0100
Message-Id: <1456938434-20387-4-git-send-email-hch@lst.de>
In-Reply-To: <1456938434-20387-1-git-send-email-hch@lst.de>
References: <1456938434-20387-1-git-send-email-hch@lst.de>
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk

Commit Message

Christoph Hellwig March 2, 2016, 5:07 p.m. UTC

The block layer uses an unsigned short for max_segments.  The way we
calculate the value for NVMe tends to generate very large 32-bit values,
which after integer truncation may lead to a zero value instead of
the desired outcome.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
---
 drivers/nvme/host/core.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Keith Busch March 2, 2016, 6:27 p.m. UTC | #1

On Wed, Mar 02, 2016 at 06:07:12PM +0100, Christoph Hellwig wrote:
> The block layer uses an unsigned short for max_segments.  The way we
> calculate the value for NVMe tends to generate very large 32-bit values,
> which after integer truncation may lead to a zero value instead of
> the desired outcome.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
> Tested-by: Jeff Lien <Jeff.Lien@hgst.com>

Looks good.

Reviewed-by: Keith Busch <keith.busch@intel.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-block" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index cfee6ac..c30cb10 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -844,9 +844,11 @@  static void nvme_set_queue_limits(struct nvme_ctrl *ctrl,
 		struct request_queue *q)
 {
 	if (ctrl->max_hw_sectors) {
+		u32 max_segments = 
+			(ctrl->max_hw_sectors / (ctrl->page_size >> 9)) + 1;
+
 		blk_queue_max_hw_sectors(q, ctrl->max_hw_sectors);
-		blk_queue_max_segments(q,
-			(ctrl->max_hw_sectors / (ctrl->page_size >> 9)) + 1);
+		blk_queue_max_segments(q, min_t(u32, max_segments, USHRT_MAX));
 	}
 	if (ctrl->stripe_size)
 		blk_queue_chunk_sectors(q, ctrl->stripe_size >> 9);

[3/5] nvme: fix max_segments integer truncation

Commit Message

Comments

Patch