From patchwork Mon Mar 29 17:04:48 2021
X-Patchwork-Submitter: Klaus Jensen
X-Patchwork-Id: 1459732
From: Klaus Jensen
To: qemu-devel@nongnu.org, Peter Maydell
Cc: Kevin Wolf, qemu-block@nongnu.org, Klaus Jensen, Gollu Appalanaidu, Max Reitz, Keith Busch, Klaus Jensen
Subject: [PULL for-6.0 1/2] hw/block/nvme: fix resource leak in nvme_dif_rw
Date: Mon, 29 Mar 2021 19:04:48 +0200
Message-Id: <20210329170449.125958-2-its@irrelevant.dk>
In-Reply-To: <20210329170449.125958-1-its@irrelevant.dk>

From: Klaus Jensen

If nvme_map_dptr() fails, nvme_dif_rw() will leak the bounce context. Fix
this by using the same error handling as everywhere else in the function.

Reported-by: Coverity (CID 1451080)
Fixes: 146f720c5563 ("hw/block/nvme: end-to-end data protection")
Signed-off-by: Klaus Jensen
Reviewed-by: Gollu Appalanaidu

--- hw/block/nvme-dif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/block/nvme-dif.c b/hw/block/nvme-dif.c index 2038d724bda5..e6f04faafb5f 100644 --- a/hw/block/nvme-dif.c +++ b/hw/block/nvme-dif.c
@@ -432,7 +432,7 @@ uint16_t nvme_dif_rw(NvmeCtrl *n, NvmeRequest *req) status = nvme_map_dptr(n, &req->sg, mapped_len, &req->cmd); if (status) { - return status; + goto err; } ctx->data.bounce = g_malloc(len);
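
Review bot: The new goto err in nvme_dif_rw() is taken before ctx->data.bounce = g_malloc(len) has run, so the err path now executes with the bounce pointer still unassigned. The err label is outside this hunk, so please confirm that ctx is zero-initialised when it is allocated and that the cleanup only passes those fields to g_free(), which accepts NULL; otherwise this trades the leak Coverity reported for a free of an uninitialised pointer. A sentence in the commit message saying so would make the fix reviewable from the hunk alone.
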
From patchwork Mon Mar 29 17:04:49 2021
X-Patchwork-Submitter: Klaus Jensen
X-Patchwork-Id: 1459742
From: Klaus Jensen
To: qemu-devel@nongnu.org, Peter Maydell
Cc: Kevin Wolf, qemu-block@nongnu.org, Klaus Jensen, Gollu Appalanaidu, Max Reitz, Keith Busch, Klaus Jensen
Subject: [PULL for-6.0 2/2] hw/block/nvme: fix ref counting in nvme_format_ns
Date: Mon, 29 Mar 2021 19:04:49 +0200
Message-Id: <20210329170449.125958-3-its@irrelevant.dk>
In-Reply-To: <20210329170449.125958-1-its@irrelevant.dk>

From: Klaus Jensen

Max noticed that since blk_aio_pwrite_zeroes() may invoke the callback
before returning, the callbacks will never see *count == 0 and thus
never free the count variable or decrement num_formats causing a CQE to
never be posted.

Coverity (CID 1451082) also picked up on the fact that count would not
be free'ed if the namespace was of zero size.

Fix both of these issues by explicitly checking *count and finalize for
the given namespace if --(*count) is zero. Enqueuing a CQE if there are
no AIOs outstanding after this case is already handled by nvme_format()
by inspecting *num_formats.

Reported-by: Max Reitz
Reported-by: Coverity (CID 1451082)
Fixes: dc04d25e2f3f ("hw/block/nvme: add support for the format nvm command")
Signed-off-by: Klaus Jensen
Reviewed-by: Gollu Appalanaidu

--- hw/block/nvme.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 6842b01ab58b..c54ec3c9523c 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -5009,9 +5009,15 @@ static uint16_t nvme_format_ns(NvmeCtrl *n, NvmeNamespace *ns, uint8_t lbaf, } - (*count)--; + if (--(*count)) { + return NVME_NO_COMPLETE; + } - return NVME_NO_COMPLETE; + g_free(count); + ns->status = 0x0; + (*num_formats)--; + + return NVME_SUCCESS; } static uint16_t nvme_format(NvmeCtrl *n, NvmeRequest *req)
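
Review bot: The finalisation that follows if (--(*count)) in nvme_format_ns(), namely g_free(count), ns->status = 0x0 and (*num_formats)--, is the same bookkeeping the commit message attributes to the AIO callbacks when they see *count == 0, so the two copies can drift apart. Consider moving it into one helper called from both places. A comment above the decrement would also help: if the intent is that the submitting path holds its own reference on count until every request has been issued, say so there, since that is what makes g_free(count) safe at this point. The function can now return NVME_SUCCESS as well as NVME_NO_COMPLETE, which deserves a line in its header comment because the caller has to handle both.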