From: Shimi Gersner <gersner@gmail.com>
To: qemu-block@nongnu.org, qemu-devel@nongnu.org
Cc: Keith Busch <keith.busch@intel.com>,
Kevin Wolf <kwolf@redhat.com>, Max Reitz <mreitz@redhat.com>,
David Sariel <davidsa@openu.ac.il>,
Shimi Gersner <gersner@gmail.com>
Subject: [Qemu-devel] [PATCH 2/5] nvme: CQ/SQ proper validation & status code
Date: Fri, 22 Jun 2018 11:22:34 +0000 [thread overview]
Message-ID: <20180622112237.2131-2-gersner@gmail.com> (raw)
In-Reply-To: <20180622112237.2131-1-gersner@gmail.com>
Device fails to properly comply CQ/SQ id validation.
nvme_check_[cs]id was used for both validation of the id and
to check if the id is used. Function was split and into two
seperate functions and used properly on CQ/SQ creation/deletion.
When id check is failed a proper error should be returned as defined
by the sepecification.
Additionally, CQ creation failed to properly check irq vector number.
Change-Id: I3b6d8179ce567be4cd064c0be0ed69a740708096
Signed-off-by: Shimi Gersner <gersner@gmail.com>
---
hw/block/nvme.c | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 9d5414c80f..24a51d33ea 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -62,14 +62,24 @@ static void nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size)
}
}
-static int nvme_check_sqid(NvmeCtrl *n, uint16_t sqid)
+static int nvme_valid_sqid(NvmeCtrl *n, uint16_t sqid)
{
- return sqid < n->num_queues && n->sq[sqid] != NULL ? 0 : -1;
+ return sqid < n->num_queues;
}
-static int nvme_check_cqid(NvmeCtrl *n, uint16_t cqid)
+static int nvme_used_sqid(NvmeCtrl *n, uint16_t sqid)
{
- return cqid < n->num_queues && n->cq[cqid] != NULL ? 0 : -1;
+ return sqid < n->num_queues && n->sq[sqid] != NULL ? 1 : 0;
+}
+
+static int nvme_valid_cqid(NvmeCtrl *n, uint16_t cqid)
+{
+ return cqid < n->num_queues;
+}
+
+static int nvme_used_cqid(NvmeCtrl *n, uint16_t cqid)
+{
+ return cqid < n->num_queues && n->cq[cqid] != NULL ? 1 : 0;
}
static void nvme_inc_cq_tail(NvmeCQueue *cq)
@@ -433,7 +443,7 @@ static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd)
NvmeCQueue *cq;
uint16_t qid = le16_to_cpu(c->qid);
- if (unlikely(!qid || nvme_check_sqid(n, qid))) {
+ if (unlikely(!qid || !nvme_used_sqid(n, qid))) {
trace_nvme_err_invalid_del_sq(qid);
return NVME_INVALID_QID | NVME_DNR;
}
@@ -446,7 +456,7 @@ static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd)
assert(req->aiocb);
blk_aio_cancel(req->aiocb);
}
- if (!nvme_check_cqid(n, sq->cqid)) {
+ if (nvme_used_cqid(n, sq->cqid)) {
cq = n->cq[sq->cqid];
QTAILQ_REMOVE(&cq->sq_list, sq, entry);
@@ -504,11 +514,11 @@ static uint16_t nvme_create_sq(NvmeCtrl *n, NvmeCmd *cmd)
trace_nvme_create_sq(prp1, sqid, cqid, qsize, qflags);
- if (unlikely(!cqid || nvme_check_cqid(n, cqid))) {
+ if (unlikely(!cqid || !nvme_used_cqid(n, cqid))) {
trace_nvme_err_invalid_create_sq_cqid(cqid);
return NVME_INVALID_CQID | NVME_DNR;
}
- if (unlikely(!sqid || !nvme_check_sqid(n, sqid))) {
+ if (unlikely(!sqid || !nvme_valid_sqid(n, sqid) || nvme_used_sqid(n, sqid))) {
trace_nvme_err_invalid_create_sq_sqid(sqid);
return NVME_INVALID_QID | NVME_DNR;
}
@@ -546,9 +556,9 @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeCmd *cmd)
NvmeCQueue *cq;
uint16_t qid = le16_to_cpu(c->qid);
- if (unlikely(!qid || nvme_check_cqid(n, qid))) {
+ if (unlikely(!qid || !nvme_used_cqid(n, qid))) {
trace_nvme_err_invalid_del_cq_cqid(qid);
- return NVME_INVALID_CQID | NVME_DNR;
+ return NVME_INVALID_QID | NVME_DNR;
}
cq = n->cq[qid];
@@ -592,9 +602,9 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd)
trace_nvme_create_cq(prp1, cqid, vector, qsize, qflags,
NVME_CQ_FLAGS_IEN(qflags) != 0);
- if (unlikely(!cqid || !nvme_check_cqid(n, cqid))) {
+ if (unlikely(!cqid || !nvme_valid_cqid(n, cqid) || nvme_used_cqid(n, cqid))) {
trace_nvme_err_invalid_create_cq_cqid(cqid);
- return NVME_INVALID_CQID | NVME_DNR;
+ return NVME_INVALID_QID | NVME_DNR;
}
if (unlikely(!qsize || qsize > NVME_CAP_MQES(n->bar.cap))) {
trace_nvme_err_invalid_create_cq_size(qsize);
@@ -604,7 +614,7 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd)
trace_nvme_err_invalid_create_cq_addr(prp1);
return NVME_INVALID_FIELD | NVME_DNR;
}
- if (unlikely(vector > n->num_queues)) {
+ if (unlikely(vector >= n->num_queues)) {
trace_nvme_err_invalid_create_cq_vector(vector);
return NVME_INVALID_IRQ_VECTOR | NVME_DNR;
}
@@ -1091,7 +1101,7 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val)
NvmeCQueue *cq;
qid = (addr - (0x1000 + (1 << 2))) >> 3;
- if (unlikely(nvme_check_cqid(n, qid))) {
+ if (unlikely(!nvme_used_cqid(n, qid))) {
NVME_GUEST_ERR(nvme_ub_db_wr_invalid_cq,
"completion queue doorbell write"
" for nonexistent queue,"
@@ -1129,7 +1139,7 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val)
NvmeSQueue *sq;
qid = (addr - 0x1000) >> 3;
- if (unlikely(nvme_check_sqid(n, qid))) {
+ if (unlikely(!nvme_used_sqid(n, qid))) {
NVME_GUEST_ERR(nvme_ub_db_wr_invalid_sq,
"submission queue doorbell write"
" for nonexistent queue,"
--
2.17.1
next prev parent reply other threads:[~2018-06-22 11:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 11:22 [Qemu-devel] [PATCH 1/5] nvme: PCI/e configuration from specification Shimi Gersner
2018-06-22 11:22 ` Shimi Gersner [this message]
2018-06-22 11:22 ` [Qemu-devel] [PATCH 3/5] nvme: Proper state handling on enable/disable Shimi Gersner
2018-06-22 11:22 ` [Qemu-devel] [PATCH 4/5] nvme: Fix phantom irq raise Shimi Gersner
2018-06-22 11:22 ` [Qemu-devel] [PATCH 5/5] nvme: Missing MSI message upon partial CQ read Shimi Gersner
2018-07-12 11:47 ` [Qemu-devel] [PATCH 1/5] nvme: PCI/e configuration from specification Kevin Wolf
2018-07-13 7:40 ` David Sariel
2018-07-15 6:20 ` Daniel Verkamp
2018-08-26 21:49 ` Gersner
2018-08-30 15:45 ` Daniel Verkamp
2018-09-12 19:53 ` Gersner
2018-09-12 21:21 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180622112237.2131-2-gersner@gmail.com \
--to=gersner@gmail.com \
--cc=davidsa@openu.ac.il \
--cc=keith.busch@intel.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.