admin_passthru truncates req/rsp data #3
Description
There's a bug in the pax_nvme_submit_admin_passthru; any data sent/received greater than 1016 bytes will be truncated, with no support to retrieve the remaining bytes.
int pax_nvme_submit_admin_passthru(int fd, struct nvme_passthru_cmd *cmd)
{
int ret;
struct pax_nvme_device *pax;
struct switchtec_device_manage_nvme_req req;
struct switchtec_device_manage_nvme_rsp rsp;
int data_len;
[...]
/* Truncation takes place here, without warning the user*/
if (cmd->data_len > sizeof(req.nvme_data))
data_len = sizeof(req.nvme_data);
else
data_len = cmd->data_len;
/* Request data possibly truncated */
memcpy(req.nvme_data, (void *)cmd->addr, data_len);
[...]
status = (rsp.nvme_cqe[3] & 0xfffe0000) >> 17;
if (!status) {
cmd->result = rsp.nvme_cqe[0];
if (cmd->addr) {
/* Response data possibly truncated */
memcpy((uint64_t *)cmd->addr,
rsp.nvme_data,
rsp.hdr.rsp_len - 4 * 4);
}
}
return status;
}I think this is a limitation of switchtec_device_manage_nvme_req / switchtec_device_manage_nvme_rsp, originating at MRPC_MAX_DATA_LEN Support will need to be added to switchtec-user, but for right now there is no warning or error that the response data is truncated. It is entirely transparent to the user and very error prone.
Metadata
Metadata
Assignees
Labels
No labels