1 From dbe3b5b9fd5aa0912e52250dc112dbf4fc813455 Mon Sep 17 00:00:00 2001
2 From: Jaesoo Lee <jalee@purestorage.com>
3 Date: Mon, 3 Jun 2019 16:42:28 -0700
4 Subject: nvme: Fix u32 overflow in the number of namespace list calculation
5
6 [ Upstream commit c8e8c77b3bdbade6e26e8e76595f141ede12b692 ]
7
8 The Number of Namespaces (nn) field in the identify controller data structure is
9 defined as u32 and the maximum allowed value in NVMe specification is
10 0xFFFFFFFEUL. This change fixes the possible overflow of the DIV_ROUND_UP()
11 operation used in nvme_scan_ns_list() by casting the nn to u64.
12
13 Signed-off-by: Jaesoo Lee <jalee@purestorage.com>
14 Reviewed-by: Christoph Hellwig <hch@lst.de>
15 Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
16 Signed-off-by: Sasha Levin <sashal@kernel.org>
17 ---
18 drivers/nvme/host/core.c | 3 ++-
19 1 file changed, 2 insertions(+), 1 deletion(-)
20
21 diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
22 index d98ffb1ce629..768ac752a6e3 100644
23 --- a/drivers/nvme/host/core.c
24 +++ b/drivers/nvme/host/core.c
25 @@ -2477,7 +2477,8 @@ static int nvme_scan_ns_list(struct nvme_ctrl *ctrl, unsigned nn)
26 {
27 struct nvme_ns *ns;
28 __le32 *ns_list;
29 - unsigned i, j, nsid, prev = 0, num_lists = DIV_ROUND_UP(nn, 1024);
30 + unsigned i, j, nsid, prev = 0;
31 + unsigned num_lists = DIV_ROUND_UP_ULL((u64)nn, 1024);
32 int ret = 0;
33
34 ns_list = kzalloc(0x1000, GFP_KERNEL);
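Review bot: The new num_lists declaration depends on the (u64) cast for correctness and then narrows the 64-bit result back to unsigned, and neither is explained in the code; a short comment above the line would keep a later cleanup from dropping the cast or "simplifying" back to DIV_ROUND_UP(). With nn allowed up to 0xFFFFFFFE (per the commit message), the round-up addition of 1023 wraps in 32-bit arithmetic for any nn above 0xFFFFFC00 and the old expression evaluates to 0, which is why the addition has to happen in 64 bits. The narrowing itself is safe because the quotient is at most 0x400000, and saying so in the comment (or in the commit message) would save the next reader from re-deriving it.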
35 --
36 2.20.1
37