diff options
| author | Naveen Nagar <naveen.n1@samsung.com> | 2021-08-23 16:33:33 +0530 |
|---|---|---|
| committer | Klaus Jensen <k.jensen@samsung.com> | 2021-09-24 08:43:52 +0200 |
| commit | 07a3dfa7c41a94788881b649518507610c727994 (patch) | |
| tree | dfee610eb20abe5412235a6e953cec4a5f8ef47e | |
| parent | fd761337aca5b55c133c3bec1b8bd4471cb9571a (diff) | |
| download | qemu-07a3dfa7c41a94788881b649518507610c727994.zip qemu-07a3dfa7c41a94788881b649518507610c727994.tar.gz qemu-07a3dfa7c41a94788881b649518507610c727994.tar.bz2 | |
hw/nvme: fix verification of select field in namespace attachment
Fix is added to check for reserved value in select field for
namespace attachment
CC: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Naveen Nagar <naveen.n1@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| -rw-r--r-- | hw/nvme/ctrl.c | 15 | ||||
| -rw-r--r-- | include/block/nvme.h | 5 |
2 files changed, 17 insertions, 3 deletions
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index ff78485..dc0e7b0 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -5191,7 +5191,7 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) uint16_t list[NVME_CONTROLLER_LIST_SIZE] = {}; uint32_t nsid = le32_to_cpu(req->cmd.nsid); uint32_t dw10 = le32_to_cpu(req->cmd.cdw10); - bool attach = !(dw10 & 0xf); + uint8_t sel = dw10 & 0xf; uint16_t *nr_ids = &list[0]; uint16_t *ids = &list[1]; uint16_t ret; @@ -5224,7 +5224,8 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) return NVME_NS_CTRL_LIST_INVALID | NVME_DNR; } - if (attach) { + switch (sel) { + case NVME_NS_ATTACHMENT_ATTACH: if (nvme_ns(ctrl, nsid)) { return NVME_NS_ALREADY_ATTACHED | NVME_DNR; } @@ -5235,7 +5236,10 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) nvme_attach_ns(ctrl, ns); nvme_select_iocs_ns(ctrl, ns); - } else { + + break; + + case NVME_NS_ATTACHMENT_DETACH: if (!nvme_ns(ctrl, nsid)) { return NVME_NS_NOT_ATTACHED | NVME_DNR; } @@ -5244,6 +5248,11 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) ns->attached--; nvme_update_dmrsl(ctrl); + + break; + + default: + return NVME_INVALID_FIELD | NVME_DNR; } /* diff --git a/include/block/nvme.h b/include/block/nvme.h index 77aae01..e3bd47b 100644 --- a/include/block/nvme.h +++ b/include/block/nvme.h @@ -1154,6 +1154,11 @@ enum NvmeIdCtrlCmic { NVME_CMIC_MULTI_CTRL = 1 << 1, }; +enum NvmeNsAttachmentOperation { + NVME_NS_ATTACHMENT_ATTACH = 0x0, + NVME_NS_ATTACHMENT_DETACH = 0x1, +}; + #define NVME_CTRL_SQES_MIN(sqes) ((sqes) & 0xf) #define NVME_CTRL_SQES_MAX(sqes) (((sqes) >> 4) & 0xf) #define NVME_CTRL_CQES_MIN(cqes) ((cqes) & 0xf) |