hw/nvme: fix null pointer access in ruh update

The Reclaim Unit Update operation in I/O Management Receive does not verify the presence of a configured endurance group prior to accessing it. Fix this. Cc: qemu-stable@nongnu.org Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
author: Klaus Jensen <k.jensen@samsung.com> 2023-08-08 17:16:14 +0200
committer: Klaus Jensen <k.jensen@samsung.com> 2023-08-09 15:32:32 +0200
commit: 3439ba9c5da943d96f7a3c86e0a7eb2ff48de41c (patch)
tree: f2a303c75e0e40c94d14c894d0ad95410eb59c0e /hw
parent: 6c8f8456cb0b239812dee5211881426496da7b98 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index e5b5c7034d..539d273553 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -4361,7 +4361,13 @@ static uint16_t nvme_io_mgmt_send_ruh_update(NvmeCtrl *n, NvmeRequest *req)
     uint32_t npid = (cdw10 >> 1) + 1;
     unsigned int i = 0;
     g_autofree uint16_t *pids = NULL;
-    uint32_t maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh;
+    uint32_t maxnpid;
+
+    if (!ns->endgrp || !ns->endgrp->fdp.enabled) {
+        return NVME_FDP_DISABLED | NVME_DNR;
+    }
+
+    maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh;
 
     if (unlikely(npid >= MIN(NVME_FDP_MAXPIDS, maxnpid))) {
         return NVME_INVALID_FIELD | NVME_DNR;
author	Klaus Jensen <k.jensen@samsung.com>	2023-08-08 17:16:14 +0200
committer	Klaus Jensen <k.jensen@samsung.com>	2023-08-09 15:32:32 +0200
commit	3439ba9c5da943d96f7a3c86e0a7eb2ff48de41c (patch)
tree	f2a303c75e0e40c94d14c894d0ad95410eb59c0e /hw
parent	6c8f8456cb0b239812dee5211881426496da7b98 (diff)