Commit 9df0f594 authored by Changpeng Liu's avatar Changpeng Liu Committed by Tomasz Zawadzki
Browse files

nvmf/vfio-user: add check for property_access 



Only 4 bytes or 8 bytes are valid numbers when to access NVMe
registers, add the check here.

Fix issue #2495.

Change-Id: I63b6e16a156f6eba17f397ec9d1a447e6a80b4da
Signed-off-by: default avatarChangpeng Liu <changpeng.liu@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12643


Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Community-CI: Mellanox Build Bot
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarDong Yi <dongx.yi@intel.com>
Reviewed-by: default avatarJohn Levon <levon@movementarian.org>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarTomasz Zawadzki <tomasz.zawadzki@intel.com>
parent 7cfb12f4

lib/nvmf/vfio_user.c

+10 −1
Original line number Diff line number Diff line
@@ -2747,6 +2747,11 @@ vfio_user_property_access(struct nvmf_vfio_user_ctrlr *vu_ctrlr, 
	struct nvmf_vfio_user_req *req;

	const struct spdk_nvmf_registers *regs;



	if ((count != 4) && (count != 8)) {

		errno = EINVAL;

		return -1;

	}



	/* Construct a Fabric Property Get/Set command and send it */

	req = get_nvmf_vfio_user_req(vu_ctrlr->sqs[0]);

	if (req == NULL) {
@@ -2760,7 +2765,11 @@ vfio_user_property_access(struct nvmf_vfio_user_ctrlr *vu_ctrlr, 
	req->cb_arg = vu_ctrlr->sqs[0];

	req->req.cmd->prop_set_cmd.opcode = SPDK_NVME_OPC_FABRIC;

	req->req.cmd->prop_set_cmd.cid = 0;

	req->req.cmd->prop_set_cmd.attrib.size = (count / 4) - 1;

	if (count == 4) {

		req->req.cmd->prop_set_cmd.attrib.size = 0;

	} else {

		req->req.cmd->prop_set_cmd.attrib.size = 1;

	}

	req->req.cmd->prop_set_cmd.ofst = pos;

	if (is_write) {

		req->req.cmd->prop_set_cmd.fctype = SPDK_NVMF_FABRIC_COMMAND_PROPERTY_SET;