Re: [PATCH v3] nvme: core: reject invalid LBA data size from Identify Namespace

Next message: Breno Leitao: "bnxt_en: suspicious RCU usage in bnxt_fw_reset_task() qdisc path in 7.1-rc6"
Previous message: Nico Pache: "Re: [PATCH mm-unstable v18 06/14] mm/khugepaged: generalize collapse_huge_page for mTHP collapse"
In reply to: John Garry: "Re: [PATCH v3] nvme: core: reject invalid LBA data size from Identify Namespace"
Next in thread: Keith Busch: "Re: [PATCH v3] nvme: core: reject invalid LBA data size from Identify Namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Keith Busch

Date: Tue Jun 02 2026 - 11:42:12 EST

On Tue, Jun 02, 2026 at 02:10:07PM +0100, John Garry wrote:
> On 15/05/2026 19:58, Chao Shi wrote:
> > + if (id->lbaf[lbaf].ds < SECTOR_SHIFT ||
> > + check_shl_overflow(le64_to_cpu(id->nsze),> + id->lbaf[lbaf].ds -
> SECTOR_SHIFT,
> > + &capacity)) {
> > + dev_warn_once(ns->ctrl->device,
> > + "invalid LBA data size %u, skipping namespace\n",
> > + id->lbaf[lbaf].ds);
> > + ret = -ENODEV;
> > + goto out;
> > + }
>
> JFYI, this is giving a C=1 warning:
>
> drivers/nvme/host/core.c:2411:13: warning: unsigned value that used to be signed checked against zero?
> drivers/nvme/host/core.c:2411:13: signed value source
>
> I can't seem to quieten it myself, though.
>
> BTW, I would have thought that check_shl_overflow would catch
> id->lbaf[lbaf].ds < SECTOR_SHIFT (so that we don't need the extra check).

I see it too. check_shl_overflow has checks that suggest it was
expecting a signed type, as all the < 0 checks don't make sense for
unsigned. The warning seems harmless, but I'd too like to see it
suppressed.

I think it's odd that I'm not seeing a similar error for the similar
usage in generic_check_addressable() from fs/libfs.c. They look the same
to me with respect to the types passed in.