[v7,30/48] nvme: verify validity of prp lists in the cmb

Message ID	20200415055140.466900-31-its@irrelevant.dk
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Klaus Jensen <its@irrelevant.dk> To: qemu-block@nongnu.org Subject: [PATCH v7 30/48] nvme: verify validity of prp lists in the cmb Date: Wed, 15 Apr 2020 07:51:22 +0200 Message-Id: <20200415055140.466900-31-its@irrelevant.dk> In-Reply-To: <20200415055140.466900-1-its@irrelevant.dk> References: <20200415055140.466900-1-its@irrelevant.dk> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: list Cc: Kevin Wolf <kwolf@redhat.com>, Beata Michalska <beata.michalska@linaro.org>, Klaus Jensen <k.jensen@samsung.com>, qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>, Klaus Jensen <its@irrelevant.dk>, Keith Busch <kbusch@kernel.org>, Javier Gonzalez <javier.gonz@samsung.com>, Maxim Levitsky <mlevitsk@redhat.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	nvme: support NVMe v1.3d, SGLs and multiple namespaces \| expand [v7,00/48] nvme: support NVMe v1.3d, SGLs and multiple namespaces [v7,01/48] nvme: rename trace events to nvme_dev [v7,02/48] nvme: remove superfluous breaks [v7,03/48] nvme: move device parameters to separate struct [v7,04/48] nvme: bump spec data structures to v1.3 [v7,05/48] nvme: use constants in identify [v7,06/48] nvme: refactor nvme_addr_read [v7,07/48] nvme: add support for the abort command [v7,08/48] nvme: fix pci doorbell size calculation [v7,09/48] nvme: add max_ioqpairs device parameter [v7,10/48] nvme: remove redundant cmbloc/cmbsz members [v7,11/48] nvme: refactor device realization [v7,12/48] nvme: add temperature threshold feature [v7,13/48] nvme: add support for the get log page command [v7,14/48] nvme: add support for the asynchronous event request command [v7,15/48] nvme: add missing mandatory features [v7,16/48] nvme: additional tracing [v7,17/48] nvme: make sure ncqr and nsqr is valid [v7,18/48] nvme: add log specific field to trace events [v7,19/48] nvme: support identify namespace descriptor list [v7,20/48] nvme: enforce valid queue creation sequence [v7,21/48] nvme: provide the mandatory subnqn field [v7,22/48] nvme: bump supported version to v1.3 [v7,23/48] nvme: memset preallocated requests structures [v7,24/48] nvme: add mapping helpers [v7,25/48] nvme: replace dma_acct with blk_acct equivalent [v7,26/48] nvme: remove redundant has_sg member [v7,27/48] nvme: refactor dma read/write [v7,28/48] nvme: pass request along for tracing [v7,29/48] nvme: add request mapping helper [v7,30/48] nvme: verify validity of prp lists in the cmb [v7,31/48] nvme: refactor request bounds checking [v7,32/48] nvme: add check for mdts [v7,33/48] nvme: be consistent about zeros vs zeroes [v7,34/48] nvme: refactor NvmeRequest [v7,35/48] nvme: remove NvmeCmd parameter [v7,36/48] nvme: allow multiple aios per command [v7,37/48] nvme: add nvme_check_rw helper [v7,38/48] nvme: use preallocated qsg/iov in nvme_dma_prp [v7,39/48] pci: pass along the return value of dma_memory_rw [v7,40/48] nvme: handle dma errors [v7,41/48] nvme: harden cmb access [v7,42/48] nvme: add support for scatter gather lists [v7,43/48] nvme: add support for sgl bit bucket descriptor [v7,44/48] nvme: refactor identify active namespace id list [v7,45/48] nvme: support multiple namespaces [v7,46/48] pci: allocate pci id for nvme [v7,47/48] nvme: change controller pci id [v7,48/48] nvme: make lba data size configurable

Message ID

20200415055140.466900-31-its@irrelevant.dk

State

New

Headers

From: Klaus Jensen <its@irrelevant.dk>
To: qemu-block@nongnu.org
Subject: [PATCH v7 30/48] nvme: verify validity of prp lists in the cmb
Date: Wed, 15 Apr 2020 07:51:22 +0200
Message-Id: <20200415055140.466900-31-its@irrelevant.dk>
In-Reply-To: <20200415055140.466900-1-its@irrelevant.dk>
References: <20200415055140.466900-1-its@irrelevant.dk>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: list
Cc: Kevin Wolf <kwolf@redhat.com>,
 Beata Michalska <beata.michalska@linaro.org>,
 Klaus Jensen <k.jensen@samsung.com>, qemu-devel@nongnu.org,
 Max Reitz <mreitz@redhat.com>, Klaus Jensen <its@irrelevant.dk>,
 Keith Busch <kbusch@kernel.org>, Javier Gonzalez <javier.gonz@samsung.com>,
 Maxim Levitsky <mlevitsk@redhat.com>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

nvme: support NVMe v1.3d, SGLs and multiple namespaces | expand

Commit Message

Klaus Jensen April 15, 2020, 5:51 a.m. UTC

From: Klaus Jensen <k.jensen@samsung.com>

Before this patch the device already supported this, but it did not
check for the validity of it nor announced the support in the LISTS
field.

If some of the PRPs in a PRP list are in the CMB, then ALL entries must
be there. This patch makes sure that is verified as well as properly
announcing support for PRP lists in the CMB.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 hw/block/nvme.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 1f4ce48b9cbb..3e5e99644a4e 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -218,6 +218,7 @@  static uint16_t nvme_map_prp(NvmeCtrl *n, QEMUSGList *qsg, QEMUIOVector *iov,
     trans_len = MIN(len, trans_len);
     int num_prps = (len >> n->page_bits) + 1;
     uint16_t status;
+    bool prp_list_in_cmb = false;
 
     trace_nvme_dev_map_prp(nvme_cid(req), trans_len, len, prp1, prp2,
                            num_prps);
@@ -245,11 +246,16 @@  static uint16_t nvme_map_prp(NvmeCtrl *n, QEMUSGList *qsg, QEMUIOVector *iov,
             status = NVME_INVALID_FIELD | NVME_DNR;
             goto unmap;
         }
+
         if (len > n->page_size) {
             uint64_t prp_list[n->max_prp_ents];
             uint32_t nents, prp_trans;
             int i = 0;
 
+            if (nvme_addr_is_cmb(n, prp2)) {
+                prp_list_in_cmb = true;
+            }
+
             nents = (len + n->page_size - 1) >> n->page_bits;
             prp_trans = MIN(n->max_prp_ents, nents) * sizeof(uint64_t);
             nvme_addr_read(n, prp2, (void *)prp_list, prp_trans);
@@ -263,6 +269,11 @@  static uint16_t nvme_map_prp(NvmeCtrl *n, QEMUSGList *qsg, QEMUIOVector *iov,
                         goto unmap;
                     }
 
+                    if (prp_list_in_cmb != nvme_addr_is_cmb(n, prp_ent)) {
+                        status = NVME_INVALID_USE_OF_CMB | NVME_DNR;
+                        goto unmap;
+                    }
+
                     i = 0;
                     nents = (len + n->page_size - 1) >> n->page_bits;
                     prp_trans = MIN(n->max_prp_ents, nents) * sizeof(uint64_t);
@@ -282,6 +293,7 @@  static uint16_t nvme_map_prp(NvmeCtrl *n, QEMUSGList *qsg, QEMUIOVector *iov,
                 if (status) {
                     goto unmap;
                 }
+
                 len -= trans_len;
                 i++;
             }
@@ -1953,7 +1965,7 @@  static void nvme_init_cmb(NvmeCtrl *n, PCIDevice *pci_dev)
 
     NVME_CMBSZ_SET_SQS(n->bar.cmbsz, 1);
     NVME_CMBSZ_SET_CQS(n->bar.cmbsz, 0);
-    NVME_CMBSZ_SET_LISTS(n->bar.cmbsz, 0);
+    NVME_CMBSZ_SET_LISTS(n->bar.cmbsz, 1);
     NVME_CMBSZ_SET_RDS(n->bar.cmbsz, 1);
     NVME_CMBSZ_SET_WDS(n->bar.cmbsz, 1);
     NVME_CMBSZ_SET_SZU(n->bar.cmbsz, 2);

[v7,30/48] nvme: verify validity of prp lists in the cmb

Commit Message

Patch