From nobody Fri Dec 19 06:16:04 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1548897224857755.3434838670113;
 Wed, 30 Jan 2019 17:13:44 -0800 (PST)
Received: from localhost ([127.0.0.1]:47034 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1gp0vH-0001wN-QA
	for importer@patchew.org; Wed, 30 Jan 2019 20:13:43 -0500
Received: from eggs.gnu.org ([209.51.188.92]:37781)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mreitz@redhat.com>) id 1gp0in-0000Cj-I7
	for qemu-devel@nongnu.org; Wed, 30 Jan 2019 20:00:50 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mreitz@redhat.com>) id 1gp0ik-00009Z-TU
	for qemu-devel@nongnu.org; Wed, 30 Jan 2019 20:00:48 -0500
Received: from mx1.redhat.com ([209.132.183.28]:35418)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mreitz@redhat.com>)
	id 1gp0iP-0008Kq-QA; Wed, 30 Jan 2019 20:00:28 -0500
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
	[10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 1E6FD9387E;
	Thu, 31 Jan 2019 01:00:20 +0000 (UTC)
Received: from localhost (ovpn-204-20.brq.redhat.com [10.40.204.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 86C2C9067;
	Thu, 31 Jan 2019 01:00:19 +0000 (UTC)
From: Max Reitz <mreitz@redhat.com>
To: qemu-block@nongnu.org
Date: Thu, 31 Jan 2019 01:59:41 +0100
Message-Id: <20190131005945.20149-10-mreitz@redhat.com>
In-Reply-To: <20190131005945.20149-1-mreitz@redhat.com>
References: <20190131005945.20149-1-mreitz@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.28]);
	Thu, 31 Jan 2019 01:00:20 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 209.132.183.28
Subject: [Qemu-devel] [PULL 09/13] nvme: ensure the num_queues is not zero
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Kevin Wolf <kwolf@redhat.com>, Peter Maydell <peter.maydell@linaro.org>,
	qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Content-Type: text/plain; charset="utf-8"

From: Li Qiang <liq3ea@163.com>

When it is zero, it causes segv.
Using following command:

"-drive file=3D//home/test/test1.img,if=3Dnone,id=3Did0
-device nvme,drive=3Did0,serial=3Dtest,num_queues=3D0"
causes following Backtrack:

Thread 4 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe9735700 (LWP 30952)]
0x0000555555a7a77c in nvme_start_ctrl (n=3D0x5555577473f0) at hw/block/nvme=
.c:825
825	    if (unlikely(n->cq[0])) {
(gdb) bt
0  0x0000555555a7a77c in nvme_start_ctrl (n=3D0x5555577473f0)
    at hw/block/nvme.c:825
1  0x0000555555a7af7f in nvme_write_bar (n=3D0x5555577473f0, offset=3D20,
    data=3D4587521, size=3D4) at hw/block/nvme.c:969
2  0x0000555555a7b81a in nvme_mmio_write (opaque=3D0x5555577473f0, addr=3D2=
0,
    data=3D4587521, size=3D4) at hw/block/nvme.c:1163
3  0x0000555555869236 in memory_region_write_accessor (mr=3D0x555557747cd0,
    addr=3D20, value=3D0x7fffe97320f8, size=3D4, shift=3D0, mask=3D42949672=
95, attrs=3D...)
    at /home/test/qemu1/qemu/memory.c:502
4  0x0000555555869446 in access_with_adjusted_size (addr=3D20,
    value=3D0x7fffe97320f8, size=3D4, access_size_min=3D2, access_size_max=
=3D8,
    access_fn=3D0x55555586914d <memory_region_write_accessor>,
    mr=3D0x555557747cd0, attrs=3D...) at /home/test/qemu1/qemu/memory.c:568
5  0x000055555586c479 in memory_region_dispatch_write (mr=3D0x555557747cd0,
    addr=3D20, data=3D4587521, size=3D4, attrs=3D...)
    at /home/test/qemu1/qemu/memory.c:1499
6  0x00005555558030af in flatview_write_continue (fv=3D0x7fffe0061130,
    addr=3D4273930260, attrs=3D..., buf=3D0x7ffff7ff0028 "\001", len=3D4, a=
ddr1=3D20,
    l=3D4, mr=3D0x555557747cd0) at /home/test/qemu1/qemu/exec.c:3234
7  0x00005555558031f9 in flatview_write (fv=3D0x7fffe0061130, addr=3D427393=
0260,
    attrs=3D..., buf=3D0x7ffff7ff0028 "\001", len=3D4)
    at /home/test/qemu1/qemu/exec.c:3273
8  0x00005555558034ff in address_space_write (
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
---Type <return> to continue, or q <return> to quit---
    as=3D0x555556758480 <address_space_memory>, addr=3D4273930260, attrs=3D=
...,
    buf=3D0x7ffff7ff0028 "\001", len=3D4) at /home/test/qemu1/qemu/exec.c:3=
363
9  0x0000555555803550 in address_space_rw (
    as=3D0x555556758480 <address_space_memory>, addr=3D4273930260, attrs=3D=
...,
    buf=3D0x7ffff7ff0028 "\001", len=3D4, is_write=3Dtrue)
    at /home/test/qemu1/qemu/exec.c:3374
10 0x00005555558884a1 in kvm_cpu_exec (cpu=3D0x555556920e40)
    at /home/test/qemu1/qemu/accel/kvm/kvm-all.c:2031
11 0x000055555584cd9d in qemu_kvm_cpu_thread_fn (arg=3D0x555556920e40)
    at /home/test/qemu1/qemu/cpus.c:1281
12 0x0000555555dbaf6d in qemu_thread_start (args=3D0x5555569438a0)
    at util/qemu-thread-posix.c:502
13 0x00007ffff5dc86db in start_thread (arg=3D0x7fffe9735700)
    at pthread_create.c:463
14 0x00007ffff5af188f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
Message-id: 20190120055558.32984-3-liq3ea@163.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
---
 hw/block/nvme.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index f206391e8e..0b77b49b36 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1208,6 +1208,11 @@ static void nvme_realize(PCIDevice *pci_dev, Error *=
*errp)
     int64_t bs_size;
     uint8_t *pci_conf;
=20
+    if (!n->num_queues) {
+        error_setg(errp, "num_queues can't be zero");
+        return;
+    }
+
     if (!n->conf.blk) {
         error_setg(errp, "drive property not set");
         return;
--=20
2.20.1