hw/block/nvme: make sure ncqr and nsqr is valid
authorKlaus Jensen <k.jensen@samsung.com>
Mon, 6 Jul 2020 06:12:58 +0000 (08:12 +0200)
committerKlaus Jensen <k.jensen@samsung.com>
Wed, 2 Sep 2020 06:48:50 +0000 (08:48 +0200)
0xffff is not an allowed value for NCQR and NSQR in Set Features on
Number of Queues.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Acked-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Dmitry Fomichev <dmitry.fomichev@wdc.com>
Message-Id: <20200706061303.246057-14-its@irrelevant.dk>

hw/block/nvme.c

index bfc23037c301bc70c5310a6bb17ca747d4c0c3f9..a5f6dc4b8eb4b599882c68c8c3c45647f7747476 100644 (file)
@@ -1310,6 +1310,14 @@ static uint16_t nvme_set_feature(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
         blk_set_enable_write_cache(n->conf.blk, dw11 & 1);
         break;
     case NVME_NUMBER_OF_QUEUES:
+        /*
+         * NVMe v1.3, Section 5.21.1.7: 0xffff is not an allowed value for NCQR
+         * and NSQR.
+         */
+        if ((dw11 & 0xffff) == 0xffff || ((dw11 >> 16) & 0xffff) == 0xffff) {
+            return NVME_INVALID_FIELD | NVME_DNR;
+        }
+
         trace_pci_nvme_setfeat_numq((dw11 & 0xFFFF) + 1,
                                     ((dw11 >> 16) & 0xFFFF) + 1,
                                     n->params.max_ioqpairs,
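Review bot: The new guard in the `NVME_NUMBER_OF_QUEUES` case does not say which half of the guest-supplied `dw11` is which field, and the added comment lists them in the opposite order to the checks. Extending the comment with `dw11[15:0] is NSQR and dw11[31:16] is NCQR, both 0's based` would make the two comparisons readable without the spec open. The mask is also written `0xffff` in the added lines and `0xFFFF` in the trace call just below, so picking one spelling would keep the case consistent. Because the early return sits ahead of `trace_pci_nvme_setfeat_numq`, a rejected request leaves no trace event at this point, which may be worth a line in the comment for anyone debugging a misbehaving guest driver. The body of `nvme_set_feature` starts and ends outside this hunk.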