aboutsummaryrefslogtreecommitdiff
path: root/hw/nvme
AgeCommit message (Collapse)Author
2024-03-13hw/nvme: Use pcie_sriov_num_vfs()Akihiko Odaki
nvme_sriov_pre_write_ctrl() used to directly inspect SR-IOV configurations to know the number of VFs being disabled due to SR-IOV configuration writes, but the logic was flawed and resulted in out-of-bound memory access. It assumed PCI_SRIOV_NUM_VF always has the number of currently enabled VFs, but it actually doesn't in the following cases: - PCI_SRIOV_NUM_VF has been set but PCI_SRIOV_CTRL_VFE has never been. - PCI_SRIOV_NUM_VF was written after PCI_SRIOV_CTRL_VFE was set. - VFs were only partially enabled because of realization failure. It is a responsibility of pcie_sriov to interpret SR-IOV configurations and pcie_sriov does it correctly, so use pcie_sriov_num_vfs(), which it provides, to get the number of enabled VFs before and after SR-IOV configuration writes. Cc: qemu-stable@nongnu.org Fixes: CVE-2024-26328 Fixes: 11871f53ef8e ("hw/nvme: Add support for the Virtualization Management command") Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Message-Id: <20240228-reuse-v8-1-282660281e60@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> (cherry picked from commit 91bb64a8d2014fda33a81fcf0fce37340f0d3b0c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-03-13hw/nvme: add machine compatibility parameter to enable msix exclusive barKlaus Jensen
Commit 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0") moved the MSI-X table and PBA to BAR 0 to make room for enabling CMR and PMR at the same time. As reported by Julien Grall in #2184, this breaks migration through system hibernation. Add a machine compatibility parameter and set it on machines pre 6.0 to enable the old behavior automatically, restoring the hibernation migration support. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2184 Fixes: 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0") Reported-by: Julien Grall julien@xen.org Tested-by: Julien Grall julien@xen.org Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> (cherry picked from commit fa905f65c5549703279f68c253914799b10ada47) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-03-13hw/nvme: generalize the mbar size helperKlaus Jensen
Generalize the mbar size helper such that it can handle cases where the MSI-X table and PBA are expected to be in an exclusive bar. Cc: qemu-stable@nongnu.org Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> (cherry picked from commit ee7bda4d38cda3eaf114c850a723dd12e23d3abc) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-03-13hw/nvme: fix invalid check on mclKlaus Jensen
The number of logical blocks within a source range is converted into a 1s based number at the time of parsing. However, when verifying the copy length we add one again, causing the check against MCL to fail in error. Cc: qemu-stable@nongnu.org Fixes: 381ab99d8587 ("hw/nvme: check maximum copy length (MCL) for COPY") Reviewed-by: Minwoo Im <minwoo.im@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> (cherry picked from commit 8c78015a55d84c016da6d5e41b6b5f618ecb25ab) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-03-13hw/nvme: separate 'serial' property for VFsMinwoo Im
Currently, when a VF is created, it uses the 'params' object of the PF as it is. In other words, the 'params.serial' string memory area is also shared. In this situation, if the VF is removed from the system, the PF's 'params.serial' object is released with object_finalize() followed by object_property_del_all() which release the memory for 'serial' property. If that happens, the next VF created will inherit a serial from a corrupted memory area. If this happens, an error will occur when comparing subsys->serial and n->params.serial in the nvme_subsys_register_ctrl() function. Cc: qemu-stable@nongnu.org Fixes: 44c2c09488db ("hw/nvme: Add support for SR-IOV") Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> (cherry picked from commit 4f0a4a3d5854824e5c5eccf353d4a1f4f749a29d) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-02-27hw/nvme: fix invalid endian conversionKlaus Jensen
numcntl is one byte and so is max_vfs. Using cpu_to_le16 on big endian hosts results in numcntl being set to 0. Fix by dropping the endian conversion. Fixes: 99f48ae7ae ("hw/nvme: Add support for Secondary Controller List") Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Minwoo Im <minwoo.im@samsung.com> Message-ID: <20240222-fix-sriov-numcntl-v1-1-d60bea5e72d0@samsung.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> (cherry picked from commit d2b5bb860e6c17442ad95cc275feb07c1665be5c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-29hw/nvme: Clean up local variable shadowing in nvme_ns_init()Klaus Jensen
Fix local variable shadowing in nvme_ns_init(). Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Message-ID: <20230925-fix-local-shadowing-v1-1-3a1172132377@samsung.com> Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-09-21Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into stagingStefan Hajnoczi
trivial patches for 2023-09-21 # -----BEGIN PGP SIGNATURE----- # # iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmUL/84PHG1qdEB0bHMu # bXNrLnJ1AAoJEHAbT2saaT5Zlz4H/iI7Rhmsw6E46WhQPz1oly8p5I3m6Tcxs5B3 # nagfaJC0EYjKyMZC1bsATJwRj8robCb5SDhZeUfudt1ytZYFfH3ulvlUrGYrMQRW # YEfBFIDLexqrLpsykc6ovl2NB5BXQsK3n6NNbnYE1OxQt8Cy4kNQi1bStrZ8JzDE # lIxvWZdwoQJ2K0VRDGRLrL6XG80qeONSXEoppXxJlfhk1Ar3Ruhijn3REzfQybvV # 1zIa1/h80fSLuwOGSPuOLqVCt6JzTuOOrfYc9F+sjcmIQWHLECy6CwTHEbb921Tw # 9HD6ah4rvkxoN2NWSPo/kM6tNW/pyOiYwYldx5rfWcQ5mhScuO8= # =u6P0 # -----END PGP SIGNATURE----- # gpg: Signature made Thu 21 Sep 2023 04:33:18 EDT # gpg: using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59 # gpg: issuer "mjt@tls.msk.ru" # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full] # gpg: aka "Michael Tokarev <mjt@corpit.ru>" [full] # gpg: aka "Michael Tokarev <mjt@debian.org>" [full] # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59 * tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu: docs/devel/reset.rst: Correct function names docs/cxl: Cleanout some more aarch64 examples. hw/mem/cxl_type3: Add missing copyright and license notice hw/cxl: Fix out of bound array access docs/cxl: Change to lowercase as others hw/cxl/cxl_device: Replace magic number in CXLError definition hw/pci-bridge/cxl_upstream: Fix bandwidth entry base unit for SSLBIS hw/cxl: Fix CFMW config memory leak hw/i386/pc: fix code comment on cumulative flash size subprojects: Use the correct .git suffix in the repository URLs hw/other: spelling fixes hw/tpm: spelling fixes hw/pci: spelling fixes hw/net: spelling fixes i386: spelling fixes bsd-user: spelling fixes ppc: spelling fixes Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-09-21hw/other: spelling fixesMichael Tokarev
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2023-09-20block: remove AIOCBInfo->get_aio_context()Stefan Hajnoczi
The synchronous bdrv_aio_cancel() function needs the acb's AioContext so it can call aio_poll() to wait for cancellation. It turns out that all users run under the BQL in the main AioContext, so this callback is not needed. Remove the callback, mark bdrv_aio_cancel() GLOBAL_STATE_CODE just like its blk_aio_cancel() caller, and poll the main loop AioContext. The purpose of this cleanup is to identify bdrv_aio_cancel() as an API that does not work with the multi-queue block layer. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-ID: <20230912231037.826804-2-stefanha@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-09-13Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into ↵Stefan Hajnoczi
staging hw/nvme updates Two fixes for dynamic array allocation. # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmUAc8AACgkQTeGvMW1P # DelwhQgAxD7imw85V89Dz58LgrFoq5XZz2cq6Q5BsudyZd8FW5r7lOn9c1i0Yu2x # iiP93FX0b5LPQ9/8/liz3oHu1HZ7+hX+VeDZSQ1/bugfXM/eDSPA7lf7GG1np312 # 9lKRs8o+T4Di7v93kdiEi6G3b0jQSmZ722aMa54isk58hy1mcUTnGxvPZpVZutTP # lYhwuElQIsnnKXB0jaRlpcDkpXdHJ1wwziaYLM7pus+tElMiSkFP05j2pX9iigKu # 7g+Hs+DaqrOzdoF/6uu72IKygq3/5H8iou1No/7OICWbFti5Qhhra0OKQE6nrlKd # 51fnWA6VjpO5g9+diwRRYbjEiOrkqQ== # =wn4B # -----END PGP SIGNATURE----- # gpg: Signature made Tue 12 Sep 2023 10:20:48 EDT # gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9 # gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown] # gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838 # Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9 * tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu: hw/nvme: Avoid dynamic stack allocation hw/nvme: Use #define to avoid variable length array Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-09-12hw/nvme: Avoid dynamic stack allocationPeter Maydell
Instead of using a variable-length array in nvme_map_prp(), allocate on the stack with a g_autofree pointer. The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-09-12hw/nvme: Use #define to avoid variable length arrayPhilippe Mathieu-Daudé
In nvme_map_sgl() we create an array segment[] whose size is the 'const int SEG_CHUNK_SIZE'. Since this is C, rather than C++, a "const int foo" is not a true constant, it's merely a variable with a constant value, and so semantically segment[] is a variable-length array. Switch SEG_CHUNK_SIZE to a #define so that we can make the segment[] array truly fixed-size, in the sense that it doesn't trigger the -Wvla warning. The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527). [PMM: rebased (function has moved file), expand commit message based on discussion from previous version of patch] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-09-12kconfig: Add NVME to s390x machinesCédric Le Goater
We recently had issues with nvme devices on big endian platforms. Include their compilation on s390x to ease tests. Signed-off-by: Cédric Le Goater <clg@redhat.com> Message-ID: <20230828150148.120031-1-clg@kaod.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-09hw/nvme: fix null pointer access in ruh updateKlaus Jensen
The Reclaim Unit Update operation in I/O Management Receive does not verify the presence of a configured endurance group prior to accessing it. Fix this. Cc: qemu-stable@nongnu.org Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-08-09hw/nvme: fix null pointer access in directive receiveKlaus Jensen
nvme_directive_receive() does not check if an endurance group has been configured (set) prior to testing if flexible data placement is enabled or not. Fix this. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1815 Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-08-08hw/nvme: fix CRC64 for guard tagAnkit Kumar
The nvme CRC64 generator expects the caller to pass inverted seed value. Pass inverted crc value for metadata buffer. Cc: qemu-stable@nongnu.org Fixes: 44219b6029fc ("hw/nvme: 64-bit pi support") Signed-off-by: Ankit Kumar <ankit.kumar@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-08-07hw/nvme: fix compliance issue wrt. iosqes/iocqesKlaus Jensen
As of prior to this patch, the controller checks the value of CC.IOCQES and CC.IOSQES prior to enabling the controller. As reported by Ben in GitLab issue #1691, this is not spec compliant. The controller should only check these values when queues are created. This patch moves these checks to nvme_create_cq(). We do not need to check it in nvme_create_sq() since that will error out if the completion queue is not already created. Also, since the controller exclusively supports SQEs of size 64 bytes and CQEs of size 16 bytes, hard code that. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1691 Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-08-07hw/nvme: fix oob memory read in fdp events logKlaus Jensen
As reported by Trend Micro's Zero Day Initiative, an oob memory read vulnerability exists in nvme_fdp_events(). The host-provided offset is not verified. Fix this. This is only exploitable when Flexible Data Placement mode (fdp=on) is enabled. Fixes: CVE-2023-4135 Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reported-by: Trend Micro's Zero Day Initiative Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-07-30hw/nvme: use stl/ldl pci dma apiKlaus Jensen
Use the stl/ldl pci dma api for writing/reading doorbells. This removes the explicit endian conversions. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-07-19hw/nvme: fix endianness issue for shadow doorbellsKlaus Jensen
In commit 2fda0726e514 ("hw/nvme: fix missing endian conversions for doorbell buffers"), we fixed shadow doorbells for big-endian guests running on little endian hosts. But I did not fix little-endian guests on big-endian hosts. Fix this. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1765 Fixes: 3f7fe8de3d49 ("hw/nvme: Implement shadow doorbell buffer support") Cc: qemu-stable@nongnu.org Reported-by: Thomas Huth <thuth@redhat.com> Tested-by: Cédric Le Goater <clg@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-07-10pcie: Use common ARI next function numberAkihiko Odaki
Currently the only implementers of ARI is SR-IOV devices, and they behave similar. Share the ARI next function number. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Ani Sinha <anisinha@redhat.com> Message-Id: <20230710153838.33917-2-akihiko.odaki@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-06-28hw/nvme: add placement handle list rangesKlaus Jensen
Allow the placement handles to be specified as ranges, i.e. `fdp.ruhs=1:3-5` will attempt to assign ruh 1, 3, 4 and 5 to the namespace. Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-06-28hw/nvme: verify uniqueness of reclaim unit handle identifiersKlaus Jensen
Verify that a reclaim unit handle identifier is only specified once in fdp.ruhs. Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-06-28hw/nvme: fix verification of number of ruhisKlaus Jensen
Fix a off-by-one error when verifying the number of reclaim unit handle identifiers specified in fdp.ruhs. To make the fix nicer, move the verification of the fdp.nruh parameter to an earlier point. Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-06-28hw/nvme: check maximum copy length (MCL) for COPYMinwoo Im
MCL(Maximum Copy Length) in the Identify Namespace data structure limits the number of LBAs to be copied inside of the controller. We've not checked it at all, so added the check with returning the proper error status. Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-06-28hw/nvme: consider COPY command in nvme_aio_errMinwoo Im
If we don't have NVME_CMD_COPY consideration in the switch statement in nvme_aio_err(), it will go to have NVME_INTERNAL_DEV_ERROR and `req->status` will be ovewritten to it. During the aio context, it might set the NVMe status field like NVME_CMD_SIZE_LIMIT, but it's overwritten in the nvme_aio_err(). Add consideration for the NVME_CMD_COPY not to overwrite the status at the end of the function. Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-06-28hw/nvme: add comment for nvme-ns propertiesMinwoo Im
Add more comments of existing properties for nvme-ns device. Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-06-20meson: Replace softmmu_ss -> system_ssPhilippe Mathieu-Daudé
We use the user_ss[] array to hold the user emulation sources, and the softmmu_ss[] array to hold the system emulation ones. Hold the latter in the 'system_ss[]' array for parity with user emulation. Mechanical change doing: $ sed -i -e s/softmmu_ss/system_ss/g $(git grep -l softmmu_ss) Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230613133347.82210-10-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-04-28hw: replace most qemu_bh_new calls with qemu_bh_new_guardedAlexander Bulekov
This protects devices from bh->mmio reentrancy issues. Thanks: Thomas Huth <thuth@redhat.com> for diagnosing OS X test failure. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20230427211013.2994127-5-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-20nvme: remove constant argument to tracepointPaolo Bonzini
The last argument to -pci_nvme_err_startfail_virt_state is always "OFFLINE" due to the enclosing "if" condition requiring !sctrl->scs. Reported by Coverity. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-12hw/nvme: fix memory leak in nvme_dsmKlaus Jensen
The iocb (and the allocated memory to hold LBA ranges) leaks if reading the LBA ranges fails. Fix this by adding a free and an unref of the iocb. Reported-by: Coverity (CID 1508281) Fixes: d7d1474fd85d ("hw/nvme: reimplement dsm to allow cancellation") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-04-12hw/nvme: fix memory leak in fdp ruhid parsingKlaus Jensen
Coverity reports a memory leak of memory when parsing ruhids at namespace initialization. Since this is just working memory, not needed beyond the scope of the functions, fix this by adding a g_autofree annotation. Reported-by: Coverity (CID 1507979) Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-27hw/nvme: fix missing DNR on compare failureKlaus Jensen
Even if the host is somehow using compare to do compare-and-write, the host should be notified immediately about the compare failure and not have to wait for the driver to potentially retry the command. Fixes: 0a384f923f51 ("hw/block/nvme: add compare command") Reported-by: Jim Harris <james.r.harris@intel.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-27hw/nvme: Change alignment in dma functions for nvme_blk_*Mateusz Kozlowski
Since the nvme_blk_read/write are used by both the data and metadata portions of the IO, it can't have the 512B alignment requirement. Without this change any metadata transfer, which length isn't a multiple of 512B and which is bigger than 512B, will result in only a partial transfer. Signed-off-by: Mateusz Kozlowski <kozlowski.mateuszpl@gmail.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-06hw/nvme: flexible data placement emulationJesper Devantier
Add emulation of TP4146 ("Flexible Data Placement"). Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Jesper Devantier <j.devantier@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-06hw/nvme: basic directives supportGollu Appalanaidu
Add support for the Directive Send and Recv commands and the Identify directive. Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-06hw/nvme: add basic endurance group supportKlaus Jensen
Add the mandatory Endurance Group identify data structures and log pages. For now, all namespaces in a subsystem belongs to a single Endurance Group. Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-06hw/nvme: store a pointer to the NvmeSubsystem in the NvmeNamespaceNiklas Cassel
Each NvmeNamespace can be used by serveral controllers, but a NvmeNamespace can at most belong to a single NvmeSubsystem. Store a pointer to the NvmeSubsystem, if the namespace was realized with a NvmeSubsystem. Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-03-06hw/nvme: move adjustment of data_units{read,written}Joel Granados
Move the rounding of bytes read/written into nvme_smart_log which reports in units of 512 bytes, rounded up in thousands. This is in preparation for adding the Endurance Group Information log page which reports in units of billions, rounded up. Reviewed-by: Keith Busch <kbusch@kernel.org> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Joel Granados <j.granados@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-11Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into ↵Peter Maydell
staging hw/nvme updates # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmO+anUACgkQTeGvMW1P # Del4HAf/eqW92bf04CpXPzLMG38+FoYQgwkH8Lp390JlSM6kjv3DgPM2ygJXIEYr # dV0KQpTcPRGAVCuXCSOUd6FTkAYdcPVtOeJeYhldEYj9cc9Y/9tvcBMthFBkiCU/ # 66TL7JEgFmOfVMrLypYpfrPHCN0lQVX+i2+Qruospg6itubAKcYdJq+Hx2WWHzcC # hl/qNgSSIGlhQi21ada1iCUC8Q3TZzo54M+0tW4zfybzsG+eNM+ouKDl/qOHtQgP # ON/ef9dl+0Dum1l5z7O+sPiXBzZRJR7V+jZOsbf0A98fxqmuu3YacVrH6mY/Zmdx # e1xexJt6PVXaIKtoZQKRVn2C0ITjXA== # =AvaO # -----END PGP SIGNATURE----- # gpg: Signature made Wed 11 Jan 2023 07:51:17 GMT # gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9 # gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [full] # gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [full] # Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838 # Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9 * tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu: hw/nvme: cleanup error reporting in nvme_init_pci() hw/nvme: clean up confusing use of errp/local_err hw/nvme: fix missing cq eventidx update hw/nvme: fix missing endian conversions for doorbell buffers hw/nvme: rename shadow doorbell related trace events hw/nvme: use QOM accessors Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-11hw/nvme: cleanup error reporting in nvme_init_pci()Klaus Jensen
Replace the local Error variable with errp and ERRP_GUARD() and change the return value to bool. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-11hw/nvme: clean up confusing use of errp/local_errKlaus Jensen
Remove an unnecessary local Error value in nvme_realize(). In the process, change nvme_check_constraints() to return a bool. Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-09hw/nvme: fix missing cq eventidx updateKlaus Jensen
Prior to reading the shadow doorbell cq head, we have to update the eventidx. Otherwise, we risk that the driver will skip an mmio doorbell write. This happens on riscv64, as reported by Guenter. Adding the missing update to the cq eventidx fixes the issue. Fixes: 3f7fe8de3d49 ("hw/nvme: Implement shadow doorbell buffer support") Cc: qemu-stable@nongnu.org Cc: qemu-riscv@nongnu.org Reported-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-09hw/nvme: fix missing endian conversions for doorbell buffersKlaus Jensen
The eventidx and doorbell value are not handling endianness correctly. Fix this. Fixes: 3f7fe8de3d49 ("hw/nvme: Implement shadow doorbell buffer support") Cc: qemu-stable@nongnu.org Reported-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-09hw/nvme: rename shadow doorbell related trace eventsKlaus Jensen
Rename the trace events related to writing the event index and reading the doorbell value to make it more clear that the event is associated with an actual update (write or read respectively). Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-09hw/nvme: use QOM accessorsKlaus Jensen
Replace various ->parent_obj use with the equivalent QOM accessors. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-01-08include/hw/pci: Split pci_device.h off pci.hMarkus Armbruster
PCIDeviceClass and PCIDevice are defined in pci.h. Many users of the header don't actually need them. Similar structs live in their own headers: PCIBusClass and PCIBus in pci_bus.h, PCIBridge in pci_bridge.h, PCIHostBridgeClass and PCIHostState in pci_host.h, PCIExpressHost in pcie_host.h, and PCIERootPortClass, PCIEPort, and PCIESlot in pcie_port.h. Move PCIDeviceClass and PCIDeviceClass to new pci_device.h, along with the code that needs them. Adjust include directives. This also enables the next commit. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221222100330.380143-6-armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-12-14Drop more useless casts from void * to pointerMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20221123133811.1398562-1-armbru@redhat.com>
2022-12-01hw/nvme: remove copy bh schedulingKlaus Jensen
Fix a potential use-after-free by removing the bottom half and enqueuing the completion directly. Fixes: 796d20681d9b ("hw/nvme: reimplement the copy command to allow aio cancellation") Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>