yannick.naumann/RT-Task-Generator-QEMU
1
0
Fork 0
forked from alwin.berger/FRET-qemu
Code Pull Requests Activity

hw/nvme: fix null pointer access in ruh update

Browse Source 
The Reclaim Unit Update operation in I/O Management Receive does not
verify the presence of a configured endurance group prior to accessing
it.

Fix this.

Cc: qemu-stable@nongnu.org
Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
This commit is contained in:
Klaus Jensen 2023-08-08 17:16:14 +02:00
parent 6c8f8456cb
commit 3439ba9c5d
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hw/nvme/ctrl.c
View File

@ -4361,7 +4361,13 @@ static uint16_t nvme_io_mgmt_send_ruh_update(NvmeCtrl *n, NvmeRequest *req)
uint32_t npid = (cdw10 >> 1) + 1; uint32_t npid = (cdw10 >> 1) + 1;
unsigned int i = 0; unsigned int i = 0;
g_autofree uint16_t *pids = NULL; g_autofree uint16_t *pids = NULL;
uint32_t maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh; uint32_t maxnpid;
if (!ns->endgrp || !ns->endgrp->fdp.enabled) {
return NVME_FDP_DISABLED | NVME_DNR;
}
maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh;
if (unlikely(npid >= MIN(NVME_FDP_MAXPIDS, maxnpid))) { if (unlikely(npid >= MIN(NVME_FDP_MAXPIDS, maxnpid))) {
return NVME_INVALID_FIELD | NVME_DNR; return NVME_INVALID_FIELD | NVME_DNR;