Is there an existing issue for this?
Bug Type
What packages are impacted?
MdeModulePkg
Which targets are impacted by this bug?
DEBUG, RELEASE
Current Behavior
NvmExpressMediaClear: off-by-one skips last LBA
Media->LastBlock is the 0-based index of the last valid LBA. The < operator excludes it. The loop writes sectors 0 through LastBlock - 1, missing the final sector.
Consequence:
The final sector of the namespace is not overwritten during a media clear. For security-sensitive sanitization, this leaves residual data on media.
Why this is NOT a false positive:
The NVMe spec and EFI_BLOCK_IO_MEDIA specification define LastBlock as the LBA of the last block (inclusive). Correct iteration would use <=.
Expected Behavior
Last block should be cleared
Steps To Reproduce
Trigger path:
Namespace has Nsze = 100 → Media->LastBlock = 99.
Loop: SectorOffset from 0 to 98 → sector 99 is never written.
Build Environment
Version Information
Urgency
Medium
Are you going to fix this?
I will fix it
Do you need maintainer feedback?
No maintainer feedback needed
Anything else?
No response
Is there an existing issue for this?
Bug Type
What packages are impacted?
MdeModulePkg
Which targets are impacted by this bug?
DEBUG, RELEASE
Current Behavior
NvmExpressMediaClear: off-by-one skips last LBA
Media->LastBlock is the 0-based index of the last valid LBA. The < operator excludes it. The loop writes sectors 0 through LastBlock - 1, missing the final sector.
Consequence:
The final sector of the namespace is not overwritten during a media clear. For security-sensitive sanitization, this leaves residual data on media.
Why this is NOT a false positive:
The NVMe spec and EFI_BLOCK_IO_MEDIA specification define LastBlock as the LBA of the last block (inclusive). Correct iteration would use <=.
Expected Behavior
Last block should be cleared
Steps To Reproduce
Trigger path:
Namespace has Nsze = 100 → Media->LastBlock = 99.
Loop: SectorOffset from 0 to 98 → sector 99 is never written.
Build Environment
Version Information
Urgency
Medium
Are you going to fix this?
I will fix it
Do you need maintainer feedback?
No maintainer feedback needed
Anything else?
No response