diff options
author | Naveen Nagar <naveen.n1@samsung.com> | 2021-08-23 16:33:33 +0530 |
---|---|---|
committer | Klaus Jensen <k.jensen@samsung.com> | 2021-09-24 08:43:52 +0200 |
commit | 07a3dfa7c41a94788881b649518507610c727994 (patch) | |
tree | dfee610eb20abe5412235a6e953cec4a5f8ef47e /hw | |
parent | fd761337aca5b55c133c3bec1b8bd4471cb9571a (diff) | |
download | qemu-07a3dfa7c41a94788881b649518507610c727994.zip qemu-07a3dfa7c41a94788881b649518507610c727994.tar.gz qemu-07a3dfa7c41a94788881b649518507610c727994.tar.bz2 |
hw/nvme: fix verification of select field in namespace attachment
Fix is added to check for reserved value in select field for
namespace attachment
CC: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Naveen Nagar <naveen.n1@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/nvme/ctrl.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index ff78485..dc0e7b0 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -5191,7 +5191,7 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) uint16_t list[NVME_CONTROLLER_LIST_SIZE] = {}; uint32_t nsid = le32_to_cpu(req->cmd.nsid); uint32_t dw10 = le32_to_cpu(req->cmd.cdw10); - bool attach = !(dw10 & 0xf); + uint8_t sel = dw10 & 0xf; uint16_t *nr_ids = &list[0]; uint16_t *ids = &list[1]; uint16_t ret; @@ -5224,7 +5224,8 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) return NVME_NS_CTRL_LIST_INVALID | NVME_DNR; } - if (attach) { + switch (sel) { + case NVME_NS_ATTACHMENT_ATTACH: if (nvme_ns(ctrl, nsid)) { return NVME_NS_ALREADY_ATTACHED | NVME_DNR; } @@ -5235,7 +5236,10 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) nvme_attach_ns(ctrl, ns); nvme_select_iocs_ns(ctrl, ns); - } else { + + break; + + case NVME_NS_ATTACHMENT_DETACH: if (!nvme_ns(ctrl, nsid)) { return NVME_NS_NOT_ATTACHED | NVME_DNR; } @@ -5244,6 +5248,11 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) ns->attached--; nvme_update_dmrsl(ctrl); + + break; + + default: + return NVME_INVALID_FIELD | NVME_DNR; } /* |