ioctl: fix nvme_directive_recv_stream_status

MaisenbacherD · MaisenbacherD · commit 85eeda3c231b · 2025-07-08T14:36:25.000+02:00
Take the nr_entries parameter for the returned data structure length
into account.

Signed-off-by: Dennis Maisenbacher &lt;dennis.maisenbacher@wdc.com&gt;
diff --git a/src/nvme/ioctl.h b/src/nvme/ioctl.h
@@ -10,6 +10,7 @@
 #ifndef _LIBNVME_IOCTL_H
 #define _LIBNVME_IOCTL_H
 
+#include <errno.h>
 #include <stddef.h>
 #include <sys/ioctl.h>
 
@@ -4041,6 +4042,11 @@ static inline int nvme_directive_recv_stream_status(int fd, __u32 nsid,
 			unsigned int nr_entries,
 			struct nvme_streams_directive_status *id)
 {
+	if (nr_entries > NVME_STREAM_ID_MAX) {
+		errno = EINVAL;
+		return -1;
+	}
+
 	struct nvme_directive_recv_args args = {
 		.result = NULL,
 		.data = id,
@@ -4051,7 +4057,7 @@ static inline int nvme_directive_recv_stream_status(int fd, __u32 nsid,
 		.doper = NVME_DIRECTIVE_RECEIVE_STREAMS_DOPER_STATUS,
 		.dtype = NVME_DIRECTIVE_DTYPE_STREAMS,
 		.cdw12 = 0,
-		.data_len = sizeof(*id),
+		.data_len = (__u32)(sizeof(*id) + nr_entries * sizeof(__le16)),
 		.dspec = 0,
 	};
 
diff --git a/src/nvme/types.h b/src/nvme/types.h
@@ -116,6 +116,7 @@
  * @NVMF_TSAS_SIZE:		Max Transport Specific Address Subtype size
  * @NVME_ZNS_CHANGED_ZONES_MAX: Max number of zones in the changed zones log
  *				page
+ * @NVME_STREAM_ID_MAX: 	Max number of stream IDs
  */
 enum nvme_constants {
 	NVME_NSID_ALL				= 0xffffffff,
@@ -147,6 +148,7 @@ enum nvme_constants {
 	NVMF_TRADDR_SIZE			= 256,
 	NVMF_TSAS_SIZE				= 256,
 	NVME_ZNS_CHANGED_ZONES_MAX		= 511,
+	NVME_STREAM_ID_MAX 			= 0xffff,
 };
 
 /**
