From: Klaus Jensen <k.jen...@samsung.com> The Reclaim Unit Update operation in I/O Management Receive does not verify the presence of a configured endurance group prior to accessing it.
Fix this. Cc: qemu-sta...@nongnu.org Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Jesper Wendel Devantier <j.devant...@samsung.com> Signed-off-by: Klaus Jensen <k.jen...@samsung.com> (cherry picked from commit 3439ba9c5da943d96f7a3c86e0a7eb2ff48de41c) Signed-off-by: Michael Tokarev <m...@tls.msk.ru> diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index 861635609b..fce3ee0d95 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -4333,7 +4333,13 @@ static uint16_t nvme_io_mgmt_send_ruh_update(NvmeCtrl *n, NvmeRequest *req) uint32_t npid = (cdw10 >> 1) + 1; unsigned int i = 0; g_autofree uint16_t *pids = NULL; - uint32_t maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh; + uint32_t maxnpid; + + if (!ns->endgrp || !ns->endgrp->fdp.enabled) { + return NVME_FDP_DISABLED | NVME_DNR; + } + + maxnpid = n->subsys->endgrp.fdp.nrg * n->subsys->endgrp.fdp.nruh; if (unlikely(npid >= MIN(NVME_FDP_MAXPIDS, maxnpid))) { return NVME_INVALID_FIELD | NVME_DNR; -- 2.39.2