From nobody Thu Apr 2 22:24:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1774513556; cv=none; d=zohomail.com; s=zohoarc; b=d19GUIznCPzlmtjKcx1PVQTNX/WOV7hT1fKvaAVEILxUCY5hwwA98mryc9upOmwMsn+sN6rW6oRvbmbL3gQzBitk4953oaNCnBB3L4Z2M2mNVYYQksZJ8/si+fbv5VfdbiY1WAoE6YBqVo4ruH+TNDmGiEnrxFn3gyaoZ/XAp0M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1774513556; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=gQH1ApkEVGpG7hoRi0wrrA6c5eVpDnsCS8lGdKrEb8s=; b=foE2NcEWnb50Dsr0Na5nCPWGaYqO7/10sMzjoIOMFuQ2uVaxcNPBOFvj6W50zewDa9bhv4/tA3s3k5ReFvOqLLKK2F1v/xlTXSUJSsi51Qf/ztciAb0iVCJAdEGG1CSglOMLcoyKqP3eQlPNiwUy3iKtWVF+QremlBWRHeVkDE4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1774513555809831.7167455652843; Thu, 26 Mar 2026 01:25:55 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1w5g1K-00036P-BS; Thu, 26 Mar 2026 04:24:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1w5g1H-000352-0y; Thu, 26 Mar 2026 04:24:47 -0400 Received: from fhigh-b7-smtp.messagingengine.com ([202.12.124.158]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1w5g1D-0006lA-G5; Thu, 26 Mar 2026 04:24:46 -0400 Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44]) by mailfhigh.stl.internal (Postfix) with ESMTP id DFED07A0287; Thu, 26 Mar 2026 04:24:40 -0400 (EDT) Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-04.internal (MEProxy); Thu, 26 Mar 2026 04:24:41 -0400 Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 26 Mar 2026 04:24:38 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=irrelevant.dk; h=cc:cc:content-transfer-encoding:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1774513480; x= 1774599880; bh=gQH1ApkEVGpG7hoRi0wrrA6c5eVpDnsCS8lGdKrEb8s=; b=i irc5U0H6IRyYgOITuzRJmPTwpZUkasUCpQQuLkIuWcU/jX/YVoOmoRwWzedQLz35 cq8jZwtoOBa9G/hU/vc+9ax1CPj9QBZqI8Orfra7KSIopysYTueOpSbGUe2A9qRV 6jWGTHDBRBl23hrBzzALz+QRbzolhXbPplqOy24SJWXvbB6u2p3q62IvgZNN/RL7 ZHRdqKDbeMkkft+He+okZBwhDvwKqvfwwP1NCqnv1c9xnT/HbvU4NbZgWHqI9DBs vjazRrdbDt1OD10HC5XzOBpl6wiQ29MSVlU7bfETwaxxK4VbXNlm1yhahx/RQaEL Nripe63sM4vMRD44jNm6Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1774513480; x=1774599880; bh=g QH1ApkEVGpG7hoRi0wrrA6c5eVpDnsCS8lGdKrEb8s=; b=BU3Ej55G7b9E2Hwhv aH/6gHkXubFJWz3jRj/hy8hpezIcITnR0M80tAF5JPWJk+Jc5NjyCq6x/dBFBxLK xWJzLlHJe8UB2fHIfxLpW0/2rDtGPGVCSkc8+Gm+F0KZIRnCiXm/fxV8PTGn7gRW eIuXj2allczJ7jQ32SVM1OX21VK54EgYjxsBaZj7SuRaI6FQbBBKZsDMYnMR5Vml MEMJ5NReJDh9bta8ZGrEcjnCDMg9hUSF+6a3xCScQ3qNgngLgxGB8Z1eUDG72r70 XihxxpTOee7usCn3CQW4iV7ppSAdVpYxASvgNARrwddjhHYWzb8PjbkWSlHCy3bb 2o8hg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdefvdeikeekucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepmfhlrghushcu lfgvnhhsvghnuceoihhtshesihhrrhgvlhgvvhgrnhhtrdgukheqnecuggftrfgrthhtvg hrnhepheefkefgjeejjeejuddtieeggeetfeevkedufeehveejkeeiueffueelieehueeg necuffhomhgrihhnpehkvghrnhgvlhdrohhrghenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpehithhssehirhhrvghlvghvrghnthdrughkpdhn sggprhgtphhtthhopeekpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehqvghmuh dquggvvhgvlhesnhhonhhgnhhurdhorhhgpdhrtghpthhtohepphgvthgvrhdrmhgrhigu vghllheslhhinhgrrhhordhorhhgpdhrtghpthhtohepphdrrhgrghhhrghvsehsrghmsh hunhhgrdgtohhmpdhrtghpthhtohepkhdrjhgvnhhsvghnsehsrghmshhunhhgrdgtohhm pdhrtghpthhtohepkhgsuhhstghhsehkvghrnhgvlhdrohhrghdprhgtphhtthhopehith hssehirhhrvghlvghvrghnthdrughkpdhrtghpthhtohepfhhoshhsseguvghfmhgrtghr ohdrihhtpdhrtghpthhtohepqhgvmhhuqdgslhhotghksehnohhnghhnuhdrohhrgh X-ME-Proxy: Feedback-ID: idc91472f:Fastmail From: Klaus Jensen To: qemu-devel@nongnu.org Cc: Peter Maydell , Pankaj Raghav , Klaus Jensen , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org Subject: [PULL 1/2] hw/nvme: re-enable wzds bit in namespace dlfeat Date: Thu, 26 Mar 2026 09:23:48 +0100 Message-ID: <20260326082350.17374-2-its@irrelevant.dk> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260326082350.17374-1-its@irrelevant.dk> References: <20260326082350.17374-1-its@irrelevant.dk> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=202.12.124.158; envelope-from=its@irrelevant.dk; helo=fhigh-b7-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @irrelevant.dk) X-ZM-MESSAGEID: 1774513557930158500 Content-Type: text/plain; charset="utf-8" From: Pankaj Raghav dlfeat was changed from 0x9 to 0x1 when PI support was added. It was removed because we can't rely on unmap and have to physically clear it to get the checksums right but that doesnt mean that we do not support the bit. The spec says that if wzds is enabled, then the controller supports deallocate (DEAC) on write zeroes. But DEAC bit in write zeroes command is only a hint, the controller might choose to physically write zeroes in those areas. As we are sending write zeroes command with BDRV_REQ_MAY_UNMAP to the underlying block device anyway (if the unmap operation is supported), change the dlfeat value back to 0x9. A new flag FALLOC_FL_WRITE_ZEROES has been introduced in linux for fallocate which will use the wzds bit in dlfeat to quickly zeroout extents using unmap operation whenever possible[1]. [1] https://lore.kernel.org/linux-fsdevel/20250619111806.3546162-1-yi.zhang= @huaweicloud.com/ Fixes: 146f720c55 ("hw/block/nvme: end-to-end data protection") Suggested-by: Klaus Jensen Signed-off-by: Pankaj Raghav Signed-off-by: Klaus Jensen --- hw/nvme/ns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/nvme/ns.c b/hw/nvme/ns.c index 38f86a17268f..b0106eaa5c8f 100644 --- a/hw/nvme/ns.c +++ b/hw/nvme/ns.c @@ -75,7 +75,7 @@ static int nvme_ns_init(NvmeNamespace *ns, Error **errp) ns->csi =3D NVME_CSI_NVM; ns->status =3D 0x0; =20 - ns->id_ns.dlfeat =3D 0x1; + ns->id_ns.dlfeat =3D 0x9; =20 /* support DULBE and I/O optimization fields */ id_ns->nsfeat |=3D (NVME_ID_NS_NSFEAT_DAE | NVME_ID_NS_NSFEAT_OPTPERF_= ALL); --=20 2.53.0 From nobody Thu Apr 2 22:24:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1774513537; cv=none; d=zohomail.com; s=zohoarc; b=C988oN74l7Jox8hdlWPLcTVucSnjid/YqtnUWdLS9IjmQvbbEOTCHXh3fOimMwFBkbE9vr9LW7lF0pcD9B9s2FsaU0XC5j/dcVVZcDDXKW45JCxM8Qso6anWdM1/+JM+XABIZ4pp8VXNyuUTRMjBU+H1L5FVMboxY0Yw+EOH0JI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1774513537; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Xe0NNasWuj7ft2jRrG9JeA8yj0VbUSM2GM8CLq1zSVQ=; b=c+EnPTyv8VbcQKP8Dzr4ZyMhmqQX345SgeM1Tq+I8jVHc3o4WgVxG9YPuDHB6xIUHGag4El22UenDe70JN6rOw3gvtYdDEhMtIVMBp450McxZAxS2w1CaUCC25csBgQk3KQh6p7QS9475tlu38XhInfQ4w8X7WYApu8D3gPHaCE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1774513537217891.14287769158; Thu, 26 Mar 2026 01:25:37 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1w5g1L-00036r-EC; Thu, 26 Mar 2026 04:24:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1w5g1H-000353-1I; Thu, 26 Mar 2026 04:24:47 -0400 Received: from fout-b5-smtp.messagingengine.com ([202.12.124.148]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1w5g1F-0006lh-DS; Thu, 26 Mar 2026 04:24:46 -0400 Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44]) by mailfout.stl.internal (Postfix) with ESMTP id BA9021D0020E; Thu, 26 Mar 2026 04:24:43 -0400 (EDT) Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-04.internal (MEProxy); Thu, 26 Mar 2026 04:24:44 -0400 Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 26 Mar 2026 04:24:41 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=irrelevant.dk; h=cc:cc:content-transfer-encoding:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1774513483; x= 1774599883; bh=Xe0NNasWuj7ft2jRrG9JeA8yj0VbUSM2GM8CLq1zSVQ=; b=P vVR5vTSATXKZk3n4O6TfjQCs4V8MnYV/W2AMDYjO/RIPJgCwRoVDpvFGI5XWmFr4 TmBV7sLc5gqHWRz0eDOZnu68zgYdXStkwm6BrUzPIp6QhRBopWVLp+gfUWqw9KKm z+j9zuMW9VwmnMHHEPWBIIJLvK9A8RnDedqFLk0oM/vCGvR3HbLQ3vJrB/OHmKuB 0bEpN8w66m6kT6Pd8sqvlWJ2lJHiUQGuWk4ReaMIbKtTbXD9jE4FCSz8vQSI2taH RGxXUqzJpSJC1AY31CTP2vBVUgdRLlIYDIKgNSxjRymkv8RVU2n1rysxos/+pX9i /VfUNLe9DLptLX35CGijQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1774513483; x=1774599883; bh=X e0NNasWuj7ft2jRrG9JeA8yj0VbUSM2GM8CLq1zSVQ=; b=4r7XUjcsh7f2Az6P1 ucQpKFAxhOdfc2ecNoq0knbrNJXi656iGZ/vsc465E0wLumao13tj2eZDRIdWKLe /coFwKQ0Ayh6Vk/S/59uGbvWL52PmHatRhlaWPetP+oacJeR0Yr4DIlt/q9EhGVK kTrX3IyoSi5PTihQohWu0UwrV265T8tGe2nYCAF5chQIOjhu5Nok62l5Ca8XGBVo 1a88HmJejXAHIjZC1lD7CpyOB2UhhrW+qhzSzKcwB7djQ6MdNWSHF0BJm3uBa+8a UjZEiHlSct7PYDlBSZ/IVQ8NLl1XhAeXR9c80AYmyAM2J3UiyZrjWBLlO8jsYXD6 mFaQw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdefvdeikeekucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepmfhlrghushcu lfgvnhhsvghnuceoihhtshesihhrrhgvlhgvvhgrnhhtrdgukheqnecuggftrfgrthhtvg hrnhepfeehteeghefffeegkefghfegieejkeevfffhjeevfeekudeiieevheetledujedu necuffhomhgrihhnpehgihhtlhgrsgdrtghomhenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpehithhssehirhhrvghlvghvrghnthdrughkpdhn sggprhgtphhtthhopeelpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehqvghmuh dquggvvhgvlhesnhhonhhgnhhurdhorhhgpdhrtghpthhtohepphgvthgvrhdrmhgrhigu vghllheslhhinhgrrhhordhorhhgpdhrtghpthhtohepkhgrihiguhgrnhhlihesnhhtuh drvgguuhdrshhgpdhrtghpthhtohepqhgvmhhuqdhsthgrsghlvgesnhhonhhgnhhurdho rhhgpdhrtghpthhtohepkhdrjhgvnhhsvghnsehsrghmshhunhhgrdgtohhmpdhrtghpth htohepkhgsuhhstghhsehkvghrnhgvlhdrohhrghdprhgtphhtthhopehithhssehirhhr vghlvghvrghnthdrughkpdhrtghpthhtohepfhhoshhsseguvghfmhgrtghrohdrihhtpd hrtghpthhtohepqhgvmhhuqdgslhhotghksehnohhnghhnuhdrohhrgh X-ME-Proxy: Feedback-ID: idc91472f:Fastmail From: Klaus Jensen To: qemu-devel@nongnu.org Cc: Peter Maydell , Kaixuan Li , qemu-stable@nongnu.org, Klaus Jensen , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org Subject: [PULL 2/2] hw/nvme: fix heap-buffer-overflow in nvme_abort Date: Thu, 26 Mar 2026 09:23:49 +0100 Message-ID: <20260326082350.17374-3-its@irrelevant.dk> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260326082350.17374-1-its@irrelevant.dk> References: <20260326082350.17374-1-its@irrelevant.dk> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=202.12.124.148; envelope-from=its@irrelevant.dk; helo=fout-b5-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @irrelevant.dk) X-ZM-MESSAGEID: 1774513540855154100 Content-Type: text/plain; charset="utf-8" From: Kaixuan Li In nvme_abort(), the submission queue pointer is dereferenced from the guest-controlled sqid before validating it with nvme_check_sqid(): NvmeSQueue *sq =3D n->sq[sqid]; Since sqid is a 16-bit value (range 0-65535) taken directly from CDW10, and n->sq[] is typically only max_ioqpairs+1 (65) entries, a malicious guest can trigger an out-of-bounds heap read by sending an Abort command with a large sqid. ASan reports this as heap-buffer-overflow in nvme_abort. Fix this by moving the array dereference to after the nvme_check_sqid() bounds validation. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3348 Fixes: 75209c071a ("hw/nvme: actually implement abort") Cc: qemu-stable@nongnu.org Signed-off-by: Kaixuan Li Signed-off-by: Klaus Jensen --- hw/nvme/ctrl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index cc4593cd427a..be6c7028cb58 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -6111,7 +6111,7 @@ static uint16_t nvme_abort(NvmeCtrl *n, NvmeRequest *= req) { uint16_t sqid =3D le32_to_cpu(req->cmd.cdw10) & 0xffff; uint16_t cid =3D (le32_to_cpu(req->cmd.cdw10) >> 16) & 0xffff; - NvmeSQueue *sq =3D n->sq[sqid]; + NvmeSQueue *sq; NvmeRequest *r, *next; int i; =20 @@ -6120,6 +6120,8 @@ static uint16_t nvme_abort(NvmeCtrl *n, NvmeRequest *= req) return NVME_INVALID_FIELD | NVME_DNR; } =20 + sq =3D n->sq[sqid]; + if (sqid =3D=3D 0) { for (i =3D 0; i < n->outstanding_aers; i++) { NvmeRequest *re =3D n->aer_reqs[i]; --=20 2.53.0