diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2023-08-09 10:48:30 -0700 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2023-08-09 10:48:30 -0700 |
| commit | c0b7823b2d1496771e0e0b20bd2fb96343ed9d17 (patch) | |
| tree | f2a303c75e0e40c94d14c894d0ad95410eb59c0e | |
| parent | a8fc5165aab02f328ccd148aafec1e59fd1426eb (diff) | |
| parent | 3439ba9c5da943d96f7a3c86e0a7eb2ff48de41c (diff) | |
| download | qemu-c0b7823b2d1496771e0e0b20bd2fb96343ed9d17.zip qemu-c0b7823b2d1496771e0e0b20bd2fb96343ed9d17.tar.gz qemu-c0b7823b2d1496771e0e0b20bd2fb96343ed9d17.tar.bz2 | |
Merge tag 'nvme-fixes-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme: fixes
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmTTlmcACgkQTeGvMW1P
# DemjjggAnhEvaJ4fgS9rsvtxCwtzLNc405xMpNxh6rPaxa+sL3RXPIrW6vWG13+W
# VcHw8DI8EV4DzAFP919ZmTUq9/boRbgxx84bStlILUPHWol8+eGYVVfT75wFKszx
# d4Vi3nyPSGlrxieSrosARqimcUDtFtDGGAxjvEcKgzhkcU3a8DVYAOmx/hdlWJJQ
# KSk4h/E1pKItFbvv+w9yszsbToeZN65oIy7kQtFgx0JOULyWvEYSVygotw/AruF3
# FPQ0nrJuZ115w3cJWDszznVJ6+3EcWbD3luQc3zE1FOPp76EkAOkcnPh1XbBJrE2
# 2BsCX/XnXcZT7BWSJbEzGXLsHjqsPg==
# =Zy0+
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 09 Aug 2023 06:36:39 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-fixes-pull-request' of https://gitlab.com/birkelund/qemu:
hw/nvme: fix null pointer access in ruh update
hw/nvme: fix null pointer access in directive receive
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| -rw-r--r-- | hw/nvme/ctrl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index d217ae9..539d273 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -4361,7 +4361,13 @@ static uint16_t nvme_io_mgmt_send_ruh_update(NvmeCtrl *n, NvmeRequest *req) uint32_t npid = (cdw10 >> 1) + 1; unsigned int i = 0; g_autofree uint16_t *pids = NULL; - uint32_t maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh; + uint32_t maxnpid; + + if (!ns->endgrp || !ns->endgrp->fdp.enabled) { + return NVME_FDP_DISABLED | NVME_DNR; + } + + maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh; if (unlikely(npid >= MIN(NVME_FDP_MAXPIDS, maxnpid))) { return NVME_INVALID_FIELD | NVME_DNR; @@ -6900,7 +6906,7 @@ static uint16_t nvme_directive_receive(NvmeCtrl *n, NvmeRequest *req) case NVME_DIRECTIVE_IDENTIFY: switch (doper) { case NVME_DIRECTIVE_RETURN_PARAMS: - if (ns->endgrp->fdp.enabled) { + if (ns->endgrp && ns->endgrp->fdp.enabled) { id.supported |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; id.enabled |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; id.persistent |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; |