aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/block/nvme.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/block/nvme.c')
-rw-r--r--drivers/block/nvme.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/block/nvme.c b/drivers/block/nvme.c
index 2dd09e7e142d..f4085d4fe0f2 100644
--- a/drivers/block/nvme.c
+++ b/drivers/block/nvme.c
@@ -170,12 +170,15 @@ enum {
170#define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id) 170#define CMD_CTX_BASE (POISON_POINTER_DELTA + sync_completion_id)
171#define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE) 171#define CMD_CTX_CANCELLED (0x2008 + CMD_CTX_BASE)
172#define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE) 172#define CMD_CTX_COMPLETED (0x2010 + CMD_CTX_BASE)
173#define CMD_CTX_INVALID (0x2014 + CMD_CTX_BASE)
173 174
174static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid) 175static unsigned long free_cmdid(struct nvme_queue *nvmeq, int cmdid)
175{ 176{
176 unsigned long data; 177 unsigned long data;
177 unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth); 178 unsigned offset = cmdid + BITS_TO_LONGS(nvmeq->q_depth);
178 179
180 if (cmdid > nvmeq->q_depth)
181 return CMD_CTX_INVALID;
179 data = nvmeq->cmdid_data[offset]; 182 data = nvmeq->cmdid_data[offset];
180 nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED; 183 nvmeq->cmdid_data[offset] = CMD_CTX_COMPLETED;
181 clear_bit(cmdid, nvmeq->cmdid_data); 184 clear_bit(cmdid, nvmeq->cmdid_data);
@@ -411,6 +414,12 @@ static void sync_completion(struct nvme_queue *nvmeq, void *ctx,
411 cqe->command_id, le16_to_cpup(&cqe->sq_id)); 414 cqe->command_id, le16_to_cpup(&cqe->sq_id));
412 return; 415 return;
413 } 416 }
417 if (unlikely((unsigned long)cmdinfo == CMD_CTX_INVALID)) {
418 dev_warn(nvmeq->q_dmadev,
419 "invalid id %d completed on queue %d\n",
420 cqe->command_id, le16_to_cpup(&cqe->sq_id));
421 return;
422 }
414 cmdinfo->result = le32_to_cpup(&cqe->result); 423 cmdinfo->result = le32_to_cpup(&cqe->result);
415 cmdinfo->status = le16_to_cpup(&cqe->status) >> 1; 424 cmdinfo->status = le16_to_cpup(&cqe->status) >> 1;
416 wake_up_process(cmdinfo->task); 425 wake_up_process(cmdinfo->task);