From fd761337aca5b55c133c3bec1b8bd4471cb9571a Mon Sep 17 00:00:00 2001 From: Klaus Jensen Date: Mon, 23 Aug 2021 14:11:33 +0200 Subject: hw/nvme: fix validation of ASQ and ACQ Address 0x0 is a valid address. Fix the admin submission and completion queue address validation to not error out on this. Signed-off-by: Klaus Jensen Reviewed-by: Keith Busch --- hw/nvme/ctrl.c | 8 -------- hw/nvme/trace-events | 2 -- 2 files changed, 10 deletions(-) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index 6baf9e0420..ff78485113 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -5623,14 +5623,6 @@ static int nvme_start_ctrl(NvmeCtrl *n) trace_pci_nvme_err_startfail_sq(); return -1; } - if (unlikely(!asq)) { - trace_pci_nvme_err_startfail_nbarasq(); - return -1; - } - if (unlikely(!acq)) { - trace_pci_nvme_err_startfail_nbaracq(); - return -1; - } if (unlikely(asq & (page_size - 1))) { trace_pci_nvme_err_startfail_asq_misaligned(asq); return -1; diff --git a/hw/nvme/trace-events b/hw/nvme/trace-events index 430eeb395b..ff6cafd520 100644 --- a/hw/nvme/trace-events +++ b/hw/nvme/trace-events @@ -159,8 +159,6 @@ pci_nvme_err_invalid_setfeat(uint32_t dw10) "invalid set features, dw10=0x%"PRIx pci_nvme_err_invalid_log_page(uint16_t cid, uint16_t lid) "cid %"PRIu16" lid 0x%"PRIx16"" pci_nvme_err_startfail_cq(void) "nvme_start_ctrl failed because there are non-admin completion queues" pci_nvme_err_startfail_sq(void) "nvme_start_ctrl failed because there are non-admin submission queues" -pci_nvme_err_startfail_nbarasq(void) "nvme_start_ctrl failed because the admin submission queue address is null" -pci_nvme_err_startfail_nbaracq(void) "nvme_start_ctrl failed because the admin completion queue address is null" pci_nvme_err_startfail_asq_misaligned(uint64_t addr) "nvme_start_ctrl failed because the admin submission queue address is misaligned: 0x%"PRIx64"" pci_nvme_err_startfail_acq_misaligned(uint64_t addr) "nvme_start_ctrl failed because the admin completion queue address is misaligned: 0x%"PRIx64"" pci_nvme_err_startfail_page_too_small(uint8_t log2ps, uint8_t maxlog2ps) "nvme_start_ctrl failed because the page size is too small: log2size=%u, min=%u" -- cgit v1.2.3 From 07a3dfa7c41a94788881b649518507610c727994 Mon Sep 17 00:00:00 2001 From: Naveen Nagar Date: Mon, 23 Aug 2021 16:33:33 +0530 Subject: hw/nvme: fix verification of select field in namespace attachment Fix is added to check for reserved value in select field for namespace attachment CC: Minwoo Im Signed-off-by: Naveen Nagar Signed-off-by: Klaus Jensen --- hw/nvme/ctrl.c | 15 ++++++++++++--- include/block/nvme.h | 5 +++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index ff78485113..dc0e7b0030 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -5191,7 +5191,7 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) uint16_t list[NVME_CONTROLLER_LIST_SIZE] = {}; uint32_t nsid = le32_to_cpu(req->cmd.nsid); uint32_t dw10 = le32_to_cpu(req->cmd.cdw10); - bool attach = !(dw10 & 0xf); + uint8_t sel = dw10 & 0xf; uint16_t *nr_ids = &list[0]; uint16_t *ids = &list[1]; uint16_t ret; @@ -5224,7 +5224,8 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) return NVME_NS_CTRL_LIST_INVALID | NVME_DNR; } - if (attach) { + switch (sel) { + case NVME_NS_ATTACHMENT_ATTACH: if (nvme_ns(ctrl, nsid)) { return NVME_NS_ALREADY_ATTACHED | NVME_DNR; } @@ -5235,7 +5236,10 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) nvme_attach_ns(ctrl, ns); nvme_select_iocs_ns(ctrl, ns); - } else { + + break; + + case NVME_NS_ATTACHMENT_DETACH: if (!nvme_ns(ctrl, nsid)) { return NVME_NS_NOT_ATTACHED | NVME_DNR; } @@ -5244,6 +5248,11 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) ns->attached--; nvme_update_dmrsl(ctrl); + + break; + + default: + return NVME_INVALID_FIELD | NVME_DNR; } /* diff --git a/include/block/nvme.h b/include/block/nvme.h index 77aae01174..e3bd47bf76 100644 --- a/include/block/nvme.h +++ b/include/block/nvme.h @@ -1154,6 +1154,11 @@ enum NvmeIdCtrlCmic { NVME_CMIC_MULTI_CTRL = 1 << 1, }; +enum NvmeNsAttachmentOperation { + NVME_NS_ATTACHMENT_ATTACH = 0x0, + NVME_NS_ATTACHMENT_DETACH = 0x1, +}; + #define NVME_CTRL_SQES_MIN(sqes) ((sqes) & 0xf) #define NVME_CTRL_SQES_MAX(sqes) (((sqes) >> 4) & 0xf) #define NVME_CTRL_CQES_MIN(cqes) ((cqes) & 0xf) -- cgit v1.2.3 From c53a9a91021c2f57de9ab18393d0048bd0fe90c2 Mon Sep 17 00:00:00 2001 From: Pankaj Raghav Date: Wed, 15 Sep 2021 17:43:30 +0200 Subject: hw/nvme: Return error for fused operations Currently, FUSED operations are not supported by QEMU. As per the 1.4 SPEC, controller should abort the command that requested a fused operation with an INVALID FIELD error code if they are not supported. Changes from v1: Added FUSE flag check also to the admin cmd processing as the FUSED operations are mentioned in the general SQE section in the SPEC. Signed-off-by: Pankaj Raghav Reviewed-by: Keith Busch Signed-off-by: Klaus Jensen --- hw/nvme/ctrl.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index dc0e7b0030..2f247a9275 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -3893,6 +3893,10 @@ static uint16_t nvme_io_cmd(NvmeCtrl *n, NvmeRequest *req) return ns->status; } + if (NVME_CMD_FLAGS_FUSE(req->cmd.flags)) { + return NVME_INVALID_FIELD; + } + req->ns = ns; switch (req->cmd.opcode) { @@ -5475,6 +5479,10 @@ static uint16_t nvme_admin_cmd(NvmeCtrl *n, NvmeRequest *req) return NVME_INVALID_FIELD | NVME_DNR; } + if (NVME_CMD_FLAGS_FUSE(req->cmd.flags)) { + return NVME_INVALID_FIELD; + } + switch (req->cmd.opcode) { case NVME_ADM_CMD_DELETE_SQ: return nvme_del_sq(n, req); -- cgit v1.2.3