aboutsummaryrefslogtreecommitdiff
path: root/hw/nvme
AgeCommit message (Collapse)Author
2022-01-18hw/dma: Let dma_buf_read() / dma_buf_write() propagate MemTxResultPhilippe Mathieu-Daudé
Since commit 292e13142d2, dma_buf_rw() returns a MemTxResult type. Do not discard it, return it to the caller. Pass the previously returned value (the QEMUSGList residual size, which was rarely used) as an optional argument. With this new API, SCSIRequest::residual might now be accessed via a pointer. Since the size_t type does not have the same size on 32 and 64-bit host architectures, convert it to a uint64_t, which is big enough to hold the residual size, and the type is constant on both 32/64-bit hosts. Update the few dma_buf_read() / dma_buf_write() callers to the new API. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Peter Xu <peterx@redhat.com> Message-Id: <20220117125130.131828-1-f4bug@amsat.org>
2022-01-18hw/dma: Use dma_addr_t type definition when relevantPhilippe Mathieu-Daudé
Update the obvious places where dma_addr_t should be used (instead of uint64_t, hwaddr, size_t, int32_t types). This allows to have &dma_addr_t type portable on 32/64-bit hosts. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220111184309.28637-11-f4bug@amsat.org>
2021-12-31dma: Let dma_buf_read() take MemTxAttrs argumentPhilippe Mathieu-Daudé
Let devices specify transaction attributes when calling dma_buf_read(). Keep the default MEMTXATTRS_UNSPECIFIED in the few callers. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20211223115554.3155328-13-philmd@redhat.com>
2021-12-31dma: Let dma_buf_write() take MemTxAttrs argumentPhilippe Mathieu-Daudé
Let devices specify transaction attributes when calling dma_buf_write(). Keep the default MEMTXATTRS_UNSPECIFIED in the few callers. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20211223115554.3155328-12-philmd@redhat.com>
2021-11-19hw/nvme: fix buffer overrun in nvme_changed_nslist (CVE-2021-3947)Klaus Jensen
Fix missing offset verification. Cc: qemu-stable@nongnu.org Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com> Fixes: f432fdfa121 ("support changed namespace asynchronous event") Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-11-19hw/nvme: change nvme-ns 'shared' defaultKlaus Jensen
Change namespaces to be shared namespaces by default (parameter shared=on). Keep shared=off for older machine types. Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-11-19hw/nvme: reattach subsystem namespaces on hotplugHannes Reinecke
With commit 5ffbaeed16 ("hw/nvme: fix controller hot unplugging") namespaces get moved from the controller to the subsystem if one is specified. That keeps the namespaces alive after a controller hot-unplug, but after a controller hotplug we have to reconnect the namespaces from the subsystem to the controller. Fixes: 5ffbaeed16 ("hw/nvme: fix controller hot unplugging") Cc: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Hannes Reinecke <hare@suse.de> [k.jensen: only attach to shared and non-detached namespaces] Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-09-30qbus: Rename qbus_create_inplace() to qbus_init()Peter Maydell
Rename qbus_create_inplace() to qbus_init(); this is more in line with our usual naming convention for functions that in-place initialize objects. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20210923121153.23754-5-peter.maydell@linaro.org
2021-09-24hw/nvme: Return error for fused operationsPankaj Raghav
Currently, FUSED operations are not supported by QEMU. As per the 1.4 SPEC, controller should abort the command that requested a fused operation with an INVALID FIELD error code if they are not supported. Changes from v1: Added FUSE flag check also to the admin cmd processing as the FUSED operations are mentioned in the general SQE section in the SPEC. Signed-off-by: Pankaj Raghav <p.raghav@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-09-24hw/nvme: fix verification of select field in namespace attachmentNaveen Nagar
Fix is added to check for reserved value in select field for namespace attachment CC: Minwoo Im <minwoo.im.dev@gmail.com> Signed-off-by: Naveen Nagar <naveen.n1@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-09-24hw/nvme: fix validation of ASQ and ACQKlaus Jensen
Address 0x0 is a valid address. Fix the admin submission and completion queue address validation to not error out on this. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-08-09hw/nvme: fix missing variable initializersKlaus Jensen
Coverity found that 'uuid', 'csi' and 'eui64' are uninitialized. While we set most of the fields, we do not explicitly set the rsvd2 field in the NvmeIdNsDescr header. Fix this by explicitly zero-initializing the variables. Reported-by: Coverity (CID 1458835, 1459295 and 1459580) Fixes: 6870cfb8140d ("hw/nvme: namespace parameter for EUI-64") Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-07-26hw/nvme: fix mmio readKlaus Jensen
The new PMR test unearthed a long-standing issue with MMIO reads on big-endian hosts. Fix this by unconditionally storing all controller registers in little endian. Cc: Gollu Appalanaidu <anaidu.gollu@samsung.com> Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-26hw/nvme: fix out-of-bounds readsKlaus Jensen
Peter noticed that mmio access may read into the NvmeParams member in the NvmeCtrl struct. Fix the bounds check. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-26hw/nvme: use symbolic names for registersKlaus Jensen
Add the NvmeBarRegs enum and use these instead of explicit register offsets. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-07-26hw/nvme: split pmrmsc register into upper and lowerKlaus Jensen
The specification uses a set of 32 bit PMRMSCL and PMRMSCU registers to make up the 64 bit logical PMRMSC register. Make it so. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-07-26hw/nvme: fix controller hot unpluggingKlaus Jensen
Prior to this patch the nvme-ns devices are always children of the NvmeBus owned by the NvmeCtrl. This causes the namespaces to be unrealized when the parent device is removed. However, when subsystems are involved, this is not what we want since the namespaces may be attached to other controllers as well. This patch adds an additional NvmeBus on the subsystem device. When nvme-ns devices are realized, if the parent controller device is linked to a subsystem, the parent bus is set to the subsystem one instead. This makes sure that namespaces are kept alive and not unrealized. Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-07-26hw/nvme: error handling for too many mappingsPadmakar Kalghatgi
If the number of PRP/SGL mappings exceed 1024, reads and writes will fail because of an internal QEMU limitation of max 1024 vectors. Signed-off-by: Padmakar Kalghatgi <p.kalghatgi@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> [k.jensen: changed the error message to be more generic] Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-07-26hw/nvme: unregister controller with subsystem at exitKlaus Jensen
Make sure the controller is unregistered from the subsystem when device is removed. Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-07-26hw/nvme: mark nvme-subsys non-hotpluggableKlaus Jensen
We currently lack the infrastructure to handle subsystem hotplugging, so disable it. Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-07-26hw/nvme: remove NvmeCtrl parameter from ns setup/check functionsKlaus Jensen
The nvme_ns_setup and nvme_ns_check_constraints should not depend on the controller state. Refactor and remove it. Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: fix pin-based interrupt behavior (again)Klaus Jensen
Jakub noticed[1] that, when using pin-based interrupts, the device will unconditionally deasssert when any CQEs are acknowledged. However, the pin should not be deasserted if other completion queues still holds unacknowledged CQEs. The bug is an artifact of commit ca247d35098d ("hw/block/nvme: fix pin-based interrupt behavior") which fixed one bug but introduced another. This is the third time someone tries to fix pin-based interrupts (see commit 5e9aa92eb1a5 ("hw/block: Fix pin-based interrupt behaviour of NVMe"))... Third time's the charm, so fix it, again, by keeping track of how many CQs have unacknowledged CQEs and only deassert when all are cleared. [1]: <20210610114624.304681-1-jakub.jermar@kernkonzept.com> Cc: qemu-stable@nongnu.org Fixes: ca247d35098d ("hw/block/nvme: fix pin-based interrupt behavior") Reported-by: Jakub Jermář <jakub.jermar@kernkonzept.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: fix missing check for PMR capabilityKlaus Jensen
Qiang Liu reported that an access on an unknown address is triggered in memory_region_set_enabled because a check on CAP.PMRS is missing for the PMRCTL register write when no PMR is configured. Cc: qemu-stable@nongnu.org Fixes: 75c3c9de961d ("hw/block/nvme: disable PMR at boot up") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/362 Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: documentation fixGollu Appalanaidu
In the documentation of the '-detached' param "be" and "not" has been used side by side, fix that. Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: fix endianess conversion and add controller listGollu Appalanaidu
Add the controller identifiers list CNS 0x13, available list of ctrls in NVM Subsystem that may or may not be attached to namespaces. In Identify Ctrl List of the CNS 0x12 and 0x13 no endian conversion for the nsid field. These two CNS values shows affect when there exists a Subsystem. Added condition if there is no Subsystem return invalid field in command. Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29Partially revert "hw/block/nvme: drain namespaces on sq deletion"Klaus Jensen
This partially reverts commit 98f84f5a4eca5c03e32fff20f246d9b4b96d6422. Since all "multi aio" commands are now reimplemented to properly track the nested aiocbs, we can revert the "hack" that was introduced to make sure all requests we're properly drained upon sq deletion. The revert is partial since we keep the assert that no outstanding requests remain on the submission queue after the explicit cancellation. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: reimplement format nvm to allow cancellationKlaus Jensen
Prior to this patch, the aios associated with broadcast format are submitted anonymously (no aiocb reference saved from the blk_aio call). Fix this by formatting the namespaces one after another, saving a reference to the aiocb for each. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: reimplement zone reset to allow cancellationKlaus Jensen
Prior to this patch, the aios associated with zone reset are submitted anonymously (no reference saved to the aiocb from the blk_aio call). Fix this by resetting the zones one after another, saving a reference to the aiocb for each reset. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: reimplement the copy command to allow aio cancellationKlaus Jensen
Before this patch the code would issue several aios simultaneously without saving a reference to the aiocb. Without the aiocb reference the individual copies cannot be canceled. Fix this by issuing copies of the ranges one after another. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: add dw0/1 to the req completion trace eventKlaus Jensen
Some commands report additional useful information in dw0 and dw1 of the completion queue entry. Add them to the trace. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: use prinfo directly in nvme_check_prinfo and nvme_dif_checkKlaus Jensen
The nvme_check_prinfo() and nvme_dif_check() functions operate on the 16 bit "control" member of the NvmeCmd. These functions do not otherwise operate on an NvmeCmd or an NvmeRequest, so change them to expect the actual 4 bit PRINFO field and add constants that work on this field as well. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: remove assert from nvme_get_zone_by_slbaKlaus Jensen
Make nvme_get_zone_by_slba() return NULL if the slba is out of range. This allows the function to be used without guarding the call with a call to nvme_check_bounds(), in preparation for the next patch. Add asserts after calling nvme_get_zone_by_slba() instead. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: save reftag when generating piKlaus Jensen
Prepare nvme_dif_pract_generate_dif() and nvme_dif_check() to be callable in smaller increments by making the reftag a pointer parameter updated by the function. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: reimplement dsm to allow cancellationKlaus Jensen
Prior to this patch, a loop was used to issue multiple "fire and forget" aios for each range in the command. Without a reference to the aiocb returned from the blk_aio_pdiscard calls, the aios cannot be canceled. Fix this by processing the ranges one after another. As a bonus, this fixes how metadata is cleared (i.e. we only zero it out if the data was succesfully discarded). Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: add nvme_block_status_all helperKlaus Jensen
Pull the gist of nvme_check_dulbe() into a helper function. This is in preparation for dsm refactoring. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: reimplement flush to allow cancellationKlaus Jensen
Prior to this patch, a broadcast flush would result in submitting multiple "fire and forget" aios (no reference saved to the aiocbs returned from the blk_aio_flush calls). Fix this by issuing the flushes one after another. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-06-29hw/nvme: default for namespace EUI-64Heinrich Schuchardt
On machines with version > 6.0 replace a missing EUI-64 by a generated value. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: namespace parameter for EUI-64Heinrich Schuchardt
The EUI-64 field is the only identifier for NVMe namespaces in UEFI device paths. Add a new namespace property "eui64", that provides the user the option to specify the EUI-64. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Acked-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: fix csi field for cns 0x00 and 0x11Gollu Appalanaidu
As per the TP 4056d Namespace types CNS 0x00 and CNS 0x11 CSI field shouldn't use but it is being used for these two Identify command CNS values, fix that. Remove 'nvme_csi_has_nvm_support()' helper as suggested by Klaus we can safely assume NVM command set support for all namespaces. Suggested-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: add param to control auto zone transitioning to zone state closedNiklas Cassel
In the Zoned Namespace Command Set Specification, chapter 2.5.1 Managing resources "The controller may transition zones in the ZSIO:Implicitly Opened state to the ZSC:Closed state for resource management purposes." The word may in this sentence means that automatically transitioning an implicitly opened zone to closed is completely optional. Add a new parameter so that the user can control if this automatic transitioning should be performed or not. Being able to control this can help with verifying that e.g. a user-space program behaves properly even without this optional ZNS feature. The default value is set to true, in order to not change the existing behavior. Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com> [k.jensen: moved parameter to controller] Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: fix lbaf formats initializationGollu Appalanaidu
Currently LBAF formats are being intialized based on metadata size if and only if nvme-ns "ms" parameter is non-zero value. Since FormatNVM command being supported device parameter "ms" may not be the criteria to initialize the supported LBAFs. And make LBAF array as read-only. Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: add identify namespace flbas/mc enumsGollu Appalanaidu
Add enums for the Identify Namespace FLBAS and MC fields. Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> [k.jensen: squashed separate flbas/mc commits into one] Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-06-29hw/nvme: fix styleGollu Appalanaidu
Identify command related functions style fix. Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-05-17hw/nvme: move nvme emulation out of hw/blockKlaus Jensen
With the introduction of the nvme-subsystem device we are really cluttering up the hw/block directory. As suggested by Philippe previously, move the nvme emulation to hw/nvme. Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org>