From patchwork Fri Jun 22 11:22:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gersner X-Patchwork-Id: 933279 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="kVclkpYh"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41BxK409CCz9s2L for ; Fri, 22 Jun 2018 21:33:28 +1000 (AEST) Received: from localhost ([::1]:32827 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fWKJd-0006EW-Mk for incoming@patchwork.ozlabs.org; Fri, 22 Jun 2018 07:33:21 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58678) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fWKAN-0007Vw-CB for qemu-devel@nongnu.org; Fri, 22 Jun 2018 07:23:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fWKAL-0005ZW-R3 for qemu-devel@nongnu.org; Fri, 22 Jun 2018 07:23:47 -0400 Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244]:34288) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fWKAF-0005Wp-Oi; Fri, 22 Jun 2018 07:23:39 -0400 Received: by mail-wr0-x244.google.com with SMTP id a12-v6so6371774wro.1; Fri, 22 Jun 2018 04:23:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=pxObkUa+AeuKXsmIIwf3LGRtxb+bgORhcIvR5buH7Fs=; b=kVclkpYhPC0kiIpuyHQ7vL33aZkAer+suesLN+Uld2vyGbBdt5pMiH+W4EdB9fjG2l XJC2SrGBQc4+rNfL9DgLj38zuhl90BhSCq/pckZ6tEfBtl+tLxm0iLSGEAKmkMlInkWX 51MM6Kt8EH6KzXirvghwYi+8KB2dn3NvR4RsLgVMOkpbjQKEi+fpqRW4PXQU9cgbV0Lw 8bvt6ZC2qPygQk7ywJghA702+zj+U54OZAaQeuqbIGC5tb6nQFYCZkxAI1PTsvLsN0wQ gJm1fpzOa5ORINOktsWE3sfwE0de+ukKdBhby76HJUETPqUW3jMANEXUbyZ3BVHn/57m 5c7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=pxObkUa+AeuKXsmIIwf3LGRtxb+bgORhcIvR5buH7Fs=; b=IuWBGUgfhcRRlA1pRfqS/8zJYgeupj+3VVq67Piqfc5giw1jVVCBMM9NekaF/+zFzd Szv2UGes129utkdZkTHejKeYiiqWwFrJD/foceURE2vetb68DZW84NupY2nRJ2Yg5sSp m5E+6NJW8VzHPvbjNZMfcobtE/3+KbJlhHbSVGjma5n7DbR5rAabzb8XmbNp2A5l0yD+ /U6+YQOYcDlqee6ebsQXiyKg8nnAnNJPOz86wRCuuGh0J3rvMKq8QeDXgGyV7ApaAyj7 eOSPRMKmYPXPDAzk9ytPn6kpDJt+VLQt1i6D/vId5zN3UYIMsajyZgql2Rpo3yqAPe7b WOVQ== X-Gm-Message-State: APt69E2tOwv9A5WhCO4/7p5Y+TB8hsY4DXRAqkiVoA7ZLpTSAtkuJoBA 91jni9wIjsIH5VXvk1OHwChSCQsF5jg= X-Google-Smtp-Source: AAOMgpcNwuCMPHUUfIZS0DF+7VFOS44DwD7jXEzYyIZ+QwMOwoZCUvJ8KTAdo+aS1SluDNvMGCAiqg== X-Received: by 2002:adf:aef3:: with SMTP id y106-v6mr1334192wrc.53.1529666618685; Fri, 22 Jun 2018 04:23:38 -0700 (PDT) Received: from localhost.localdomain (bzq-109-64-22-141.red.bezeqint.net. [109.64.22.141]) by smtp.gmail.com with ESMTPSA id e81-v6sm1758833wmi.28.2018.06.22.04.23.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Jun 2018 04:23:38 -0700 (PDT) 
From: Shimi Gersner To: qemu-block@nongnu.org, qemu-devel@nongnu.org Date: Fri, 22 Jun 2018 11:22:34 +0000 Message-Id: <20180622112237.2131-2-gersner@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180622112237.2131-1-gersner@gmail.com> References: <20180622112237.2131-1-gersner@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::244 Subject: [Qemu-devel] [PATCH 2/5] nvme: CQ/SQ proper validation & status code X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Keith Busch , Kevin Wolf , David Sariel , Shimi Gersner , Max Reitz Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Device fails to properly comply with CQ/SQ id validation. nvme_check_[cs]id was used for both validation of the id and to check if the id is used. Function was split into two separate functions and used properly on CQ/SQ creation/deletion. When the id check fails, a proper error should be returned as defined by the specification. Additionally, CQ creation failed to properly check irq vector number. Change-Id: I3b6d8179ce567be4cd064c0be0ed69a740708096 Signed-off-by: Shimi Gersner --- hw/block/nvme.c | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 9d5414c80f..24a51d33ea 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c 
@@ -62,14 +62,24 @@ static void nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size) } } -static int nvme_check_sqid(NvmeCtrl *n, uint16_t sqid) +static int nvme_valid_sqid(NvmeCtrl *n, uint16_t sqid) { - return sqid < n->num_queues && n->sq[sqid] != NULL ? 0 : -1; + return sqid < n->num_queues; } -static int nvme_check_cqid(NvmeCtrl *n, uint16_t cqid) +static int nvme_used_sqid(NvmeCtrl *n, uint16_t sqid) { - return cqid < n->num_queues && n->cq[cqid] != NULL ? 0 : -1; + return sqid < n->num_queues && n->sq[sqid] != NULL ? 1 : 0; +} + +static int nvme_valid_cqid(NvmeCtrl *n, uint16_t cqid) +{ + return cqid < n->num_queues; +} + +static int nvme_used_cqid(NvmeCtrl *n, uint16_t cqid) +{ + return cqid < n->num_queues && n->cq[cqid] != NULL ? 1 : 0; } static void nvme_inc_cq_tail(NvmeCQueue *cq) @@ -433,7 +443,7 @@ static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd) NvmeCQueue *cq; uint16_t qid = le16_to_cpu(c->qid); - if (unlikely(!qid || nvme_check_sqid(n, qid))) { + if (unlikely(!qid || !nvme_used_sqid(n, qid))) { trace_nvme_err_invalid_del_sq(qid); return NVME_INVALID_QID | NVME_DNR; } @@ -446,7 +456,7 @@ static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd) assert(req->aiocb); blk_aio_cancel(req->aiocb); } - if (!nvme_check_cqid(n, sq->cqid)) { + if (nvme_used_cqid(n, sq->cqid)) { cq = n->cq[sq->cqid]; QTAILQ_REMOVE(&cq->sq_list, sq, entry); @@ -504,11 +514,11 @@ static uint16_t nvme_create_sq(NvmeCtrl *n, NvmeCmd *cmd) trace_nvme_create_sq(prp1, sqid, cqid, qsize, qflags); - if (unlikely(!cqid || nvme_check_cqid(n, cqid))) { + if (unlikely(!cqid || !nvme_used_cqid(n, cqid))) { trace_nvme_err_invalid_create_sq_cqid(cqid); return NVME_INVALID_CQID | NVME_DNR; } - if (unlikely(!sqid || !nvme_check_sqid(n, sqid))) { + if (unlikely(!sqid || !nvme_valid_sqid(n, sqid) || nvme_used_sqid(n, sqid))) { trace_nvme_err_invalid_create_sq_sqid(sqid); return NVME_INVALID_QID | NVME_DNR; } 
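Review bot: The four new helpers (`nvme_valid_sqid`, `nvme_used_sqid`, `nvme_valid_cqid`, `nvme_used_cqid`) are the only bounds check between a guest-supplied queue id and the `n->sq[]`/`n->cq[]` index, and nothing in them says so. A one-line comment above each `used` variant, such as `/* qid comes from the guest: range-check before indexing n->sq[] */`, would keep a later edit from reordering or dropping the left side of the `&&`. The `used` variants also repeat the range test that `nvme_valid_*` now owns; `return nvme_valid_sqid(n, sqid) && n->sq[sqid] != NULL;` (and the same for cqid) keeps the rule in one place. Since all four are predicates, `bool` would describe the return value better than `int` with `? 1 : 0`, if the file already uses `bool`.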
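Review bot: In nvme_create_sq the new condition `!sqid || !nvme_valid_sqid(n, sqid) || nvme_used_sqid(n, sqid)` looks longer than 80 columns once indented, and the matching cqid condition in nvme_create_cq has the same shape. Indentation is not preserved in this view, so the width is an estimate. QEMU's coding style asks for lines of at most 80 characters, and breaking the expression after the second `||` would keep both conditions within it. The function body starts and ends outside the hunk.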
@@ -546,9 +556,9 @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeCmd *cmd) NvmeCQueue *cq; uint16_t qid = le16_to_cpu(c->qid); - if (unlikely(!qid || nvme_check_cqid(n, qid))) { + if (unlikely(!qid || !nvme_used_cqid(n, qid))) { trace_nvme_err_invalid_del_cq_cqid(qid); - return NVME_INVALID_CQID | NVME_DNR; + return NVME_INVALID_QID | NVME_DNR; } cq = n->cq[qid]; @@ -592,9 +602,9 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd) trace_nvme_create_cq(prp1, cqid, vector, qsize, qflags, NVME_CQ_FLAGS_IEN(qflags) != 0); - if (unlikely(!cqid || !nvme_check_cqid(n, cqid))) { + if (unlikely(!cqid || !nvme_valid_cqid(n, cqid) || nvme_used_cqid(n, cqid))) { trace_nvme_err_invalid_create_cq_cqid(cqid); - return NVME_INVALID_CQID | NVME_DNR; + return NVME_INVALID_QID | NVME_DNR; } if (unlikely(!qsize || qsize > NVME_CAP_MQES(n->bar.cap))) { trace_nvme_err_invalid_create_cq_size(qsize); @@ -604,7 +614,7 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd) trace_nvme_err_invalid_create_cq_addr(prp1); return NVME_INVALID_FIELD | NVME_DNR; } - if (unlikely(vector > n->num_queues)) { + if (unlikely(vector >= n->num_queues)) { trace_nvme_err_invalid_create_cq_vector(vector); return NVME_INVALID_IRQ_VECTOR | NVME_DNR; } @@ -1091,7 +1101,7 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val) NvmeCQueue *cq; qid = (addr - (0x1000 + (1 << 2))) >> 3; - if (unlikely(nvme_check_cqid(n, qid))) { + if (unlikely(!nvme_used_cqid(n, qid))) { NVME_GUEST_ERR(nvme_ub_db_wr_invalid_cq, "completion queue doorbell write" " for nonexistent queue," @@ -1129,7 +1139,7 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val) NvmeSQueue *sq; qid = (addr - 0x1000) >> 3; - if (unlikely(nvme_check_sqid(n, qid))) { + if (unlikely(!nvme_used_sqid(n, qid))) { NVME_GUEST_ERR(nvme_ub_db_wr_invalid_sq, "submission queue doorbell write" " for nonexistent queue,"
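Review bot: The corrected bound `vector >= n->num_queues` in nvme_create_cq relies on the device exposing exactly `num_queues` interrupt vectors, which nothing in the visible lines states. `vector` is taken from the guest command, so the reason for the bound deserves a comment next to the check, for example `/* valid vectors are 0..num_queues-1; must match the number of interrupt vectors the device allocates */`, once that count has been confirmed against the device setup code. The function body starts and ends outside the hunk.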
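Review bot: In nvme_process_db the doorbell `qid` is computed from the written address and then passed to `nvme_used_cqid` and `nvme_used_sqid`, whose parameter is `uint16_t`. The declaration of `qid` is outside the hunk; if it is wider than 16 bits, the helper checks a truncated value while any later `n->cq[qid]` or `n->sq[qid]` lookup would use the full one. Either range-test the computed value explicitly and keep it in a `uint16_t`, or widen the helper parameter so the checked value and the indexed value are the same. This applies to both the completion and the submission doorbell branches.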