From: Sasha Levin <sashal@kernel.org>
Date: Wed, 27 Nov 2024 18:04:21 +0000 (-0500)
Subject: Fixes for 5.10
X-Git-Tag: v4.19.325~129
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6e312e3fc44dea9fd7c6e9ec81e0e74b5b04f7b1;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 5.10

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-5.10/nvme-fix-metadata-handling-in-nvme-passthrough.patch b/queue-5.10/nvme-fix-metadata-handling-in-nvme-passthrough.patch
new file mode 100644
index 00000000000..334768b1075
--- /dev/null
+++ b/queue-5.10/nvme-fix-metadata-handling-in-nvme-passthrough.patch
@@ -0,0 +1,70 @@
+From ec2def13670bcecb65d75471d94c7c301aedaf53 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 25 Nov 2024 12:10:09 +0000
+Subject: nvme: fix metadata handling in nvme-passthrough
+
+From: Puranjay Mohan <pjy@amazon.com>
+
+[ Upstream commit 7c2fd76048e95dd267055b5f5e0a48e6e7c81fd9 ]
+
+On an NVMe namespace that does not support metadata, it is possible to
+send an IO command with metadata through io-passthru. This allows issues
+like [1] to trigger in the completion code path.
+nvme_map_user_request() doesn't check if the namespace supports metadata
+before sending it forward. It also allows admin commands with metadata to
+be processed as it ignores metadata when bdev == NULL and may report
+success.
+
+Reject an IO command with metadata when the NVMe namespace doesn't
+support it and reject an admin command if it has metadata.
+
+[1] https://lore.kernel.org/all/mb61pcylvnym8.fsf@amazon.com/
+
+Suggested-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Puranjay Mohan <pjy@amazon.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Reviewed-by: Anuj Gupta <anuj20.g@samsung.com>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+[ Move the changes from nvme_map_user_request() to nvme_submit_user_cmd()
+  to make it work on 5.10 ]
+Signed-off-by: Puranjay Mohan <pjy@amazon.com>
+Signed-off-by: Hagar Hemdan <hagarhem@amazon.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/host/core.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 30a642c8f5374..bee55902fe6ce 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -1121,11 +1121,16 @@ static int nvme_submit_user_cmd(struct request_queue *q,
+ 	bool write = nvme_is_write(cmd);
+ 	struct nvme_ns *ns = q->queuedata;
+ 	struct gendisk *disk = ns ? ns->disk : NULL;
++	bool supports_metadata = disk && blk_get_integrity(disk);
++	bool has_metadata = meta_buffer && meta_len;
+ 	struct request *req;
+ 	struct bio *bio = NULL;
+ 	void *meta = NULL;
+ 	int ret;
+ 
++	if (has_metadata && !supports_metadata)
++		return -EINVAL;
++
+ 	req = nvme_alloc_request(q, cmd, 0);
+ 	if (IS_ERR(req))
+ 		return PTR_ERR(req);
+@@ -1141,7 +1146,7 @@ static int nvme_submit_user_cmd(struct request_queue *q,
+ 			goto out;
+ 		bio = req->bio;
+ 		bio->bi_disk = disk;
+-		if (disk && meta_buffer && meta_len) {
++		if (has_metadata) {
+ 			meta = nvme_add_user_metadata(bio, meta_buffer, meta_len,
+ 					meta_seed, write);
+ 			if (IS_ERR(meta)) {
+-- 
+2.43.0
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 8b55c299147..1ad8851164b 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -39,3 +39,4 @@ ipmr-fix-access-to-mfc_cache_list-without-lock-held.patch
 rcu-tasks-idle-tasks-on-offline-cpus-are-in-quiescen.patch
 x86-stackprotector-work-around-strict-clang-tls-symb.patch
 cifs-fix-buffer-overflow-when-parsing-nfs-reparse-po.patch
+nvme-fix-metadata-handling-in-nvme-passthrough.patch