From 7a2a588c626b8657be9e0cd245ccfaee6623c9f8 Mon Sep 17 00:00:00 2001
From: Changpeng Liu <changpeng.liu@intel.com>
Date: Wed, 3 Nov 2021 21:14:20 +0800
Subject: [PATCH] nvmf/ctrlr: check offset parameter for get log page command

The specification says "host specifies an offset (i.e., LPOL and LPOU)
that is greater than the size of the log page requested, then the
controller shall abort the command with a status of Invalid Field
in Command."

Offset is used (if needed) to retrieve specific records of
Discovery Log Page, so we don't check it for Discovery Log Page.

Change-Id: I76ce929600b9f2ca9b69397d25f339d55729e6d3
Signed-off-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/10093
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Aleksey Marchuk <alexeymar@mellanox.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
---
 lib/nvmf/ctrlr.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/nvmf/ctrlr.c b/lib/nvmf/ctrlr.c
index a3b5f3701..fcefdcc64 100644
--- a/lib/nvmf/ctrlr.c
+++ b/lib/nvmf/ctrlr.c
@@ -2348,6 +2348,14 @@ nvmf_ctrlr_get_log_page(struct spdk_nvmf_request *req)
 			goto invalid_log_page;
 		}
 	} else {
+		if (offset > len) {
+			SPDK_ERRLOG("Get log page: offset (%" PRIu64 ") > len (%" PRIu64 ")\n",
+				    offset, len);
+			response->status.sct = SPDK_NVME_SCT_GENERIC;
+			response->status.sc = SPDK_NVME_SC_INVALID_FIELD;
+			return SPDK_NVMF_REQUEST_EXEC_STATUS_COMPLETE;
+		}
+
 		switch (lid) {
 		case SPDK_NVME_LOG_ERROR:
 			nvmf_get_error_log_page(ctrlr, req->iov, req->iovcnt, offset, len, rae);