From: Klaus Jensen <its@irrelevant.dk>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Klaus Jensen" <k.jensen@samsung.com>,
	"Keith Busch" <kbusch@kernel.org>,
	"Klaus Jensen" <its@irrelevant.dk>,
	"Jesper Devantier" <foss@defmacro.it>,
	"Fabiano Rosas" <farosas@suse.de>,
	"Laurent Vivier" <lvivier@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	qemu-block@nongnu.org
Subject: [PULL 3/3] hw/nvme: Validate PMR memory size
Date: Tue, 25 Nov 2025 09:47:25 +0100
Message-ID: <20251125084725.4632-4-its@irrelevant.dk>
In-Reply-To: <20251125084725.4632-1-its@irrelevant.dk>

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Per the PCI spec 3.0, in section 6.2.5.1, "Address Maps":

  A 32-bit register can be implemented to support a single
  memory size that is a power of 2 from 16 bytes to 2 GB.

Add a check in nvme_init_pmr(), returning an error if the
PMR region size is too small; and update the QTest.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
 hw/nvme/ctrl.c          | 13 +++++++++++--
 tests/qtest/nvme-test.c |  2 +-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index 901d4d863355..cc4593cd427a 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -8814,10 +8814,15 @@ static void nvme_init_cmb(NvmeCtrl *n, PCIDevice *pci_dev)
     }
 }
 
-static void nvme_init_pmr(NvmeCtrl *n, PCIDevice *pci_dev)
+static bool nvme_init_pmr(NvmeCtrl *n, PCIDevice *pci_dev, Error **errp)
 {
     uint32_t pmrcap = ldl_le_p(&n->bar.pmrcap);
 
+    if (memory_region_size(&n->pmr.dev->mr) < 16) {
+        error_setg(errp, "PMR device must have at least 16 bytes");
+        return false;
+    }
+
     NVME_PMRCAP_SET_RDS(pmrcap, 1);
     NVME_PMRCAP_SET_WDS(pmrcap, 1);
     NVME_PMRCAP_SET_BIR(pmrcap, NVME_PMR_BIR);
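Review bot: the new check `memory_region_size(&n->pmr.dev->mr) < 16` enforces only the lower bound, while the spec text quoted in the commit message also requires the size to be a power of 2 and no larger than 2 GB. Consider rejecting non-power-of-2 and oversized backends here as well, each with its own error_setg() message, or add a comment saying where those constraints are enforced, so that a misconfigured backend gets a clean error from this function rather than depending on later code. The literal 16 would also read better as a named constant with a comment pointing at the spec section.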
@@ -8832,6 +8837,8 @@ static void nvme_init_pmr(NvmeCtrl *n, PCIDevice *pci_dev)
                      PCI_BASE_ADDRESS_MEM_PREFETCH, &n->pmr.dev->mr);
 
     memory_region_set_enabled(&n->pmr.dev->mr, false);
+
+    return true;
 }
 
 static uint64_t nvme_mbar_size(unsigned total_queues, unsigned total_irqs,
@@ -9050,7 +9057,9 @@ static bool nvme_init_pci(NvmeCtrl *n, PCIDevice *pci_dev, Error **errp)
     }
 
     if (n->pmr.dev) {
-        nvme_init_pmr(n, pci_dev);
+        if (!nvme_init_pmr(n, pci_dev, errp)) {
+            return false;
+        }
     }
 
     return true;
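Review bot: in nvme_init_pci() the PMR size failure is only reported at this late `if (n->pmr.dev)` block, after the earlier setup in the function has already run. The test in nvme_init_pmr() depends only on `n->pmr.dev->mr`, so it could be made before any PCI state is touched, alongside other parameter validation, which removes the need to reason about what must be undone when this path returns false. Minor style point: the nested ifs can be a single condition, `if (n->pmr.dev && !nvme_init_pmr(n, pci_dev, errp))`.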
diff --git a/tests/qtest/nvme-test.c b/tests/qtest/nvme-test.c
index 5ad6821f7af9..4aec1651e6e2 100644
--- a/tests/qtest/nvme-test.c
+++ b/tests/qtest/nvme-test.c
@@ -149,7 +149,7 @@ static void nvme_register_nodes(void)
         .before_cmd_line = "-drive id=drv0,if=none,file=null-co://,"
                            "file.read-zeroes=on,format=raw "
                            "-object memory-backend-ram,id=pmr0,"
-                           "share=on,size=8",
+                           "share=on,size=16",
     };
 
     add_qpci_address(&opts, &(QPCIAddress) { .devfn = QPCI_DEVFN(4, 0) });
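Review bot: changing `size=8` to `size=16` keeps the existing test passing, but nothing exercises the new error path. A negative case that starts the device with a PMR backend smaller than 16 bytes and expects initialization to fail with "PMR device must have at least 16 bytes" would pin down the behaviour this patch adds.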
-- 
2.51.0


