On Mon, Feb 03, 2025 at 08:24:58AM +0000, Hagar Hemdan wrote:
From: Puranjay Mohan pjy@amazon.com
[ Upstream commit 7c2fd76048e95dd267055b5f5e0a48e6e7c81fd9 ]
On an NVMe namespace that does not support metadata, it is possible to send an IO command with metadata through io-passthru. This allows issues like [1] to trigger in the completion code path. nvme_map_user_request() doesn't check if the namespace supports metadata before sending it forward. It also allows admin commands with metadata to be processed as it ignores metadata when bdev == NULL and may report success.
Reject an IO command with metadata when the NVMe namespace doesn't support it and reject an admin command if it has metadata.
[1] https://lore.kernel.org/all/mb61pcylvnym8.fsf@amazon.com/
Suggested-by: Christoph Hellwig hch@lst.de Reviewed-by: Christoph Hellwig hch@lst.de Reviewed-by: Sagi Grimberg sagi@grimberg.me Reviewed-by: Anuj Gupta anuj20.g@samsung.com Signed-off-by: Keith Busch kbusch@kernel.org [ Minor changes to make it work on 6.1 ] Signed-off-by: Puranjay Mohan pjy@amazon.com Signed-off-by: Hagar Hemdan hagarhem@amazon.com
Resend as all stables contain the fix except 6.1.
Good catch, thanks!
greg k-h