CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Chuck Tuffli <chuck@FreeBSD.org>
	Sun, 27 Jun 2021 22:14:52 +0000 (15:14 -0700)
committer	Chuck Tuffli <chuck@FreeBSD.org>
	Fri, 9 Jul 2021 14:25:45 +0000 (07:25 -0700)
commit	cd8a5d2316a12a8abca458c31467dc9dcf8361ce
tree	fa5f85f80f266e95006cf52628e183dfeeb5023f	tree \| snapshot
parent	e553299fd630d181401f9179aacca62682e2f26c	commit \| diff

bhyve: Fix NVMe iovec construction for large IOs

The UEFI driver included with Rocky Linux 8.4 uncovered an existing bug
in the NVMe emulation's construction of iovec's.

By default, NVMe data transfer operations use a scatter-gather list in
which all entries point to a fixed size memory region. For example, if
the Memory Page Size is 4KiB, a 2MiB IO requires 512 entries. Lists
themselves are also fixed size (default is 512 entries).

Because the list size is fixed, the last entry is special. If the IO
requires more than 512 entries, the last entry in the list contains the
address of the next list of entries. But if the IO requires exactly 512
entries, the last entry points to data.

The NVMe emulation missed this logic and unconditionally treated the
last entry as a pointer to the next list. Fix is to check if the
remaining data is greater than the page size before using the last entry
as a pointer to the next list.

PR: 256422
Reported by: dave@syix.com
Tested by: jason@tubnor.net
Relnotes: yes

(cherry picked from commit 91064841d72b285a146a3f1c32cb447251e062ea)