lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aKN30RVeM3p5NJm1@kbusch-mbp>
Date: Mon, 18 Aug 2025 12:58:25 -0600
From: Keith Busch <kbusch@...nel.org>
To: Diederik de Haas <didi.debian@...ow.org>
Cc: linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [BUG report] kernel warnings with Samsung 970 EVO 2TB SSD

On Sat, Aug 16, 2025 at 04:11:00PM +0200, Diederik de Haas wrote:
> On Sat Aug 16, 2025 at 3:20 PM CEST, Keith Busch wrote:
> 
> > If you want to see what the driver is reacting to, you can check the
> > subnqn from command line:
> >
> >   # nvme id-ctrl /dev/nvme0 | grep subnqn
> >
> > It'll probably be all zeros. The field has been required by spec, but
> > the driver tolerates ones that don't implement it.
> 
> root@...opi-r5s:~# nvme id-ctrl /dev/nvme0 | grep subnqn
> subnqn    :
> 
> So it seems to be just empty?

They, it's interpreted as a string. All 0's would be an empty string.
 
> > It's just a message that the device isn't spec compliant, but
> > otherwise perfectly operational.
> 
> But still worthy of a warning (instead of info) msg?
> 
> The other kernel warning is this:
> 
>   nvme nvme0: using unchecked data buffer
> 
> The SUBNQN message appears every time, this one appears often, but not
> always.

That one means you've sent a user space passthrough command to a device
that doesn't support SGL DMA. Without that, the nvme protocol uses
implicitly sized DMA that the driver can't be sure is accurate. The user
could theoretically provide a short buffer that can corrupt memory if
done by accident, or be used as an attack vector if done by malicious
software.

This is also not something to worry about unless you run malicious or
buggy software.
 
> When researching this/these issues, I discovered the nvme-cli package
> (with the nvme command) and via its manpage I found this command:
> 
>   nvme get-feature /dev/nvme0 -f 3
> 
> I didn't even know NVMe's had namespaces, but this didn't look good:
> 
>   The namespace or the format of that namespace is invalid(0x200b)
> 
> ... without actually understanding what it means and/or what its
> consequences are. It could be harmless and/or normal though.

The feature you're requesting is the LBA range, which is namespace
scoped. You need to specify a namespace id, either by opening the
namespace's block device (/dev/nvme0n1) instead of the admin handle
(/dev/nvme0), or you can manually specify the namespace with paramters
"--namespace-id=1" or just "-n1".

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ