diff options
| author | Matt DeVillier <matt.devillier@puri.sm> | 2018-08-21 10:00:53 -0500 |
|---|---|---|
| committer | Kevin O'Connor <kevin@koconnor.net> | 2018-08-23 10:23:21 -0400 |
| commit | 7961917493baedb0aafd41d88029ed610d0c433f (patch) | |
| tree | 9b8438b1926789449e380512951e84ae01406899 | |
| parent | 95f850c2377968ad951121ceaab76d40a9eed593 (diff) | |
| download | seabios-7961917493baedb0aafd41d88029ed610d0c433f.tar.gz | |
nvme: fix I/O queue length calculation overflow
Commit cd47172 changed the I/O queue length calculation to use the
Maximum Queue Entries Supported (MQES) value from the capabilities
register, plus one, with a maximum value of NVME_PAGE_SIZE.
An unintended effect from this is that due to length being an unsigned
16-bit int, a MQES value of 0xFFFF yields a length of zero, resulting
in the queue allocation failing. Fix this by changing length to a u32.
TEST: build/boot on a Purism Librem13v2 with a MyDigitalSSD BPX NVMe
drive, which reports a MQES of 0xFFFF. Verify NVMe drive present in
boot menu and OS boots successfully.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
| -rw-r--r-- | src/hw/nvme.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/hw/nvme.c b/src/hw/nvme.c index e6d739d9..2e3aa386 100644 --- a/src/hw/nvme.c +++ b/src/hw/nvme.c @@ -318,7 +318,7 @@ nvme_create_io_cq(struct nvme_ctrl *ctrl, struct nvme_cq *cq, u16 q_idx) { int rc; struct nvme_sqe *cmd_create_cq; - u16 length = 1 + (ctrl->reg->cap & 0xffff); + u32 length = 1 + (ctrl->reg->cap & 0xffff); if (length > NVME_PAGE_SIZE / sizeof(struct nvme_cqe)) length = NVME_PAGE_SIZE / sizeof(struct nvme_cqe); @@ -362,7 +362,7 @@ nvme_create_io_sq(struct nvme_ctrl *ctrl, struct nvme_sq *sq, u16 q_idx, struct { int rc; struct nvme_sqe *cmd_create_sq; - u16 length = 1 + (ctrl->reg->cap & 0xffff); + u32 length = 1 + (ctrl->reg->cap & 0xffff); if (length > NVME_PAGE_SIZE / sizeof(struct nvme_cqe)) length = NVME_PAGE_SIZE / sizeof(struct nvme_cqe); |