diff options
Diffstat (limited to 'drivers/block/nvme.c')
-rw-r--r-- | drivers/block/nvme.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/block/nvme.c b/drivers/block/nvme.c index 2dd09e7e142d..f4085d4fe0f2 100644 --- a/drivers/block/nvme.c +++ b/drivers/block/nvme.c | |||
@@ -170,12 +170,15 @@ enum { | |||
170 | #define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id) | 170 | #define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id) |
171 | #define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE) | 171 | #define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE) |
172 | #define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE) | 172 | #define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE) |
173 | #define CMD_CTX_INVALID (0x2014 + CMD_CTX_BASE) | ||
173 | 174 | ||
174 | static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid) | 175 | static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid) |
175 | { | 176 | { |
176 | unsigned long data; | 177 | unsigned long data; |
177 | unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth); | 178 | unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth); |
178 | 179 | ||
180 | if (cmdid > nvmeq->q_depth) | ||
181 | return CMD_CTX_INVALID; | ||
179 | data = nvmeq->cmdid_data[offset]; | 182 | data = nvmeq->cmdid_data[offset]; |
180 | nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED; | 183 | nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED; |
181 | clear_bit(cmdid, nvmeq->cmdid_data); | 184 | clear_bit(cmdid, nvmeq->cmdid_data); |
@@ -411,6 +414,12 @@ static void sync_completion(struct nvme_queue *nvmeq, void *ctx, | |||
411 | cqe->command_id, le16_to_cpup(&cqe->sq_id)); | 414 | cqe->command_id, le16_to_cpup(&cqe->sq_id)); |
412 | return; | 415 | return; |
413 | } | 416 | } |
417 | if (unlikely((unsigned long)cmdinfo == CMD_CTX_INVALID)) { | ||
418 | dev_warn(nvmeq->q_dmadev, | ||
419 | "invalid id %d completed on queue %d\n", | ||
420 | cqe->command_id, le16_to_cpup(&cqe->sq_id)); | ||
421 | return; | ||
422 | } | ||
414 | cmdinfo->result = le32_to_cpup(&cqe->result); | 423 | cmdinfo->result = le32_to_cpup(&cqe->result); |
415 | cmdinfo->status = le16_to_cpup(&cqe->status) >> 1; | 424 | cmdinfo->status = le16_to_cpup(&cqe->status) >> 1; |
416 | wake_up_process(cmdinfo->task); | 425 | wake_up_process(cmdinfo->task); |