[Stable-8.0.5 11/43] hw/nvme: fix null pointer access in ruh update
From: Michael Tokarev
Subject: [Stable-8.0.5 11/43] hw/nvme: fix null pointer access in ruh update
Date: Sat, 9 Sep 2023 15:59:37 +0300
From: Klaus Jensen <k.jensen@samsung.com>
The Reclaim Unit Update operation in I/O Management Receive does not
verify the presence of a configured endurance group prior to accessing
it.
Fix this.
Cc: qemu-stable@nongnu.org
Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 3439ba9c5da943d96f7a3c86e0a7eb2ff48de41c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index 861635609b..fce3ee0d95 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -4333,7 +4333,13 @@ static uint16_t nvme_io_mgmt_send_ruh_update(NvmeCtrl
*n, NvmeRequest *req)
uint32_t npid = (cdw10 >> 1) + 1;
unsigned int i = 0;
g_autofree uint16_t *pids = NULL;
- uint32_t maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh;
+ uint32_t maxnpid;
+
+ if (!ns->endgrp || !ns->endgrp->fdp.enabled) {
+ return NVME_FDP_DISABLED | NVME_DNR;
+ }
+
+ maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh;
if (unlikely(npid >= MIN(NVME_FDP_MAXPIDS, maxnpid))) {
return NVME_INVALID_FIELD | NVME_DNR;
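Review bot: the new guard tests `ns->endgrp`, but the line that follows it still dereferences `n->subsys->endgrp`, so the null check and the access go through two different paths to the endurance group (this assumes `ns` is the namespace resolved earlier in the function; it is not declared in the hunk). Since the guard already establishes that `ns->endgrp` is non-NULL with FDP enabled, computing `maxnpid = ns->endgrp->fdp.nrg * ns->endgrp->fdp.nruh;` would keep the check and the use on the same pointer instead of relying on `n->subsys` being valid on this path. The early return with `NVME_FDP_DISABLED | NVME_DNR` for the unconfigured case is the right status to report, so only the follow-up computation needs the adjustment.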
--
2.39.2