nvme-fabrics: check ioccsz and iorcsz

Make sure that ioccsz and iorcsz returned by target are correct before use it.

Per 2.0a base NVMe spec:

  I/O Queue Command Capsule Supported Size (IOCCSZ): This field defines
  the maximum I/O command capsule size in 16 byte units. The minimum value
  that shall be indicated is 4 corresponding to 64 bytes.

Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 9b38f37..590cd4f 100644 (file)
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3022,6 +3022,20 @@ static int nvme_check_ctrl_fabric_info(struct nvme_ctrl *ctrl, struct nvme_id_ct
                return -EINVAL;
        }
 
+       if (ctrl->ioccsz < 4) {
+               dev_err(ctrl->device,
+                       "I/O queue command capsule supported size %d < 4\n",
+                       ctrl->ioccsz);
+               return -EINVAL;
+       }
+
+       if (ctrl->iorcsz < 1) {
+               dev_err(ctrl->device,
+                       "I/O queue response capsule supported size %d < 1\n",
+                       ctrl->iorcsz);
+               return -EINVAL;
+       }
+
        return 0;
 }