hw/block/nvme: make sure ncqr and nsqr is valid

0xffff is not an allowed value for NCQR and NSQR in Set Features on Number of Queues. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Acked-by: Keith Busch <kbusch@kernel.org> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Dmitry Fomichev <dmitry.fomichev@wdc.com> Message-Id: <20200706061303.246057-14-its@irrelevant.dk>
author: Klaus Jensen <k.jensen@samsung.com> 2020-07-06 08:12:58 +0200
committer: Klaus Jensen <k.jensen@samsung.com> 2020-09-02 08:48:50 +0200
commit: 9932551154ff38b87e73c0ab209a1b75f702e84d (patch)
tree: c54fbddd7d7b2e77bf5b68603819e8378bc39367
parent: 7c46310d298d8caa9dd0e4c0846331dd148a575c (diff)
download: qemu-9932551154ff38b87e73c0ab209a1b75f702e84d.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index bfc23037c3..a5f6dc4b8e 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1310,6 +1310,14 @@ static uint16_t nvme_set_feature(NvmeCtrl *n, NvmeCmd *cmd, NvmeRequest *req)
         blk_set_enable_write_cache(n->conf.blk, dw11 & 1);
         break;
     case NVME_NUMBER_OF_QUEUES:
+        /*
+         * NVMe v1.3, Section 5.21.1.7: 0xffff is not an allowed value for NCQR
+         * and NSQR.
+         */
+        if ((dw11 & 0xffff) == 0xffff || ((dw11 >> 16) & 0xffff) == 0xffff) {
+            return NVME_INVALID_FIELD | NVME_DNR;
+        }
+
         trace_pci_nvme_setfeat_numq((dw11 & 0xFFFF) + 1,
                                     ((dw11 >> 16) & 0xFFFF) + 1,
                                     n->params.max_ioqpairs,
author	Klaus Jensen <k.jensen@samsung.com>	2020-07-06 08:12:58 +0200
committer	Klaus Jensen <k.jensen@samsung.com>	2020-09-02 08:48:50 +0200
commit	9932551154ff38b87e73c0ab209a1b75f702e84d (patch)
tree	c54fbddd7d7b2e77bf5b68603819e8378bc39367
parent	7c46310d298d8caa9dd0e4c0846331dd148a575c (diff)
download	qemu-9932551154ff38b87e73c0ab209a1b75f702e84d.zip