[Qemu-block] [PATCH 2/5] nvme: CQ/SQ proper validation & status code
From: |
Shimi Gersner |
Subject: |
[Qemu-block] [PATCH 2/5] nvme: CQ/SQ proper validation & status code |
Date: |
Fri, 22 Jun 2018 11:22:34 +0000 |
Device fails to properly comply with CQ/SQ id validation.
nvme_check_[cs]id was used both for validating the id and
for checking whether the id is in use. The function was split into two
separate functions, which are now used properly on CQ/SQ creation/deletion.
When the id check fails, a proper error should be returned as defined
by the specification.
Additionally, CQ creation failed to properly check the irq vector number.
Change-Id: I3b6d8179ce567be4cd064c0be0ed69a740708096
Signed-off-by: Shimi Gersner <address@hidden>
---
hw/block/nvme.c | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 9d5414c80f..24a51d33ea 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -62,14 +62,24 @@ static void nvme_addr_read(NvmeCtrl *n, hwaddr addr, void
*buf, int size)
}
}
-static int nvme_check_sqid(NvmeCtrl *n, uint16_t sqid)
+static int nvme_valid_sqid(NvmeCtrl *n, uint16_t sqid)
{
- return sqid < n->num_queues && n->sq[sqid] != NULL ? 0 : -1;
+ return sqid < n->num_queues;
}
-static int nvme_check_cqid(NvmeCtrl *n, uint16_t cqid)
+static int nvme_used_sqid(NvmeCtrl *n, uint16_t sqid)
{
- return cqid < n->num_queues && n->cq[cqid] != NULL ? 0 : -1;
+ return sqid < n->num_queues && n->sq[sqid] != NULL ? 1 : 0;
+}
+
+static int nvme_valid_cqid(NvmeCtrl *n, uint16_t cqid)
+{
+ return cqid < n->num_queues;
+}
+
+static int nvme_used_cqid(NvmeCtrl *n, uint16_t cqid)
+{
+ return cqid < n->num_queues && n->cq[cqid] != NULL ? 1 : 0;
}
static void nvme_inc_cq_tail(NvmeCQueue *cq)
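Review bot: The four new helpers are predicates but are declared `int`, and the `used` variants carry a redundant `? 1 : 0`. Since the old `nvme_check_*` returned 0 on success and these return non-zero on success, a `bool` return type would make the new convention explicit, e.g. `static bool nvme_used_sqid(NvmeCtrl *n, uint16_t sqid)` with `return sqid < n->num_queues && n->sq[sqid] != NULL;`. A short comment on each pair would also help: `valid` means only "within `num_queues`" and does not exclude id 0, which the callers reject separately with `!qid`, while `used` means "in range and the slot is non-NULL", which is what makes the later `n->sq[qid]` / `n->cq[qid]` lookups on guest-supplied ids safe.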
@@ -433,7 +443,7 @@ static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd)
NvmeCQueue *cq;
uint16_t qid = le16_to_cpu(c->qid);
- if (unlikely(!qid || nvme_check_sqid(n, qid))) {
+ if (unlikely(!qid || !nvme_used_sqid(n, qid))) {
trace_nvme_err_invalid_del_sq(qid);
return NVME_INVALID_QID | NVME_DNR;
}
@@ -446,7 +456,7 @@ static uint16_t nvme_del_sq(NvmeCtrl *n, NvmeCmd *cmd)
assert(req->aiocb);
blk_aio_cancel(req->aiocb);
}
- if (!nvme_check_cqid(n, sq->cqid)) {
+ if (nvme_used_cqid(n, sq->cqid)) {
cq = n->cq[sq->cqid];
QTAILQ_REMOVE(&cq->sq_list, sq, entry);
@@ -504,11 +514,11 @@ static uint16_t nvme_create_sq(NvmeCtrl *n, NvmeCmd *cmd)
trace_nvme_create_sq(prp1, sqid, cqid, qsize, qflags);
- if (unlikely(!cqid || nvme_check_cqid(n, cqid))) {
+ if (unlikely(!cqid || !nvme_used_cqid(n, cqid))) {
trace_nvme_err_invalid_create_sq_cqid(cqid);
return NVME_INVALID_CQID | NVME_DNR;
}
- if (unlikely(!sqid || !nvme_check_sqid(n, sqid))) {
+ if (unlikely(!sqid || !nvme_valid_sqid(n, sqid) || nvme_used_sqid(n,
sqid))) {
trace_nvme_err_invalid_create_sq_sqid(sqid);
return NVME_INVALID_QID | NVME_DNR;
}
@@ -546,9 +556,9 @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeCmd *cmd)
NvmeCQueue *cq;
uint16_t qid = le16_to_cpu(c->qid);
- if (unlikely(!qid || nvme_check_cqid(n, qid))) {
+ if (unlikely(!qid || !nvme_used_cqid(n, qid))) {
trace_nvme_err_invalid_del_cq_cqid(qid);
- return NVME_INVALID_CQID | NVME_DNR;
+ return NVME_INVALID_QID | NVME_DNR;
}
cq = n->cq[qid];
@@ -592,9 +602,9 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd)
trace_nvme_create_cq(prp1, cqid, vector, qsize, qflags,
NVME_CQ_FLAGS_IEN(qflags) != 0);
- if (unlikely(!cqid || !nvme_check_cqid(n, cqid))) {
+ if (unlikely(!cqid || !nvme_valid_cqid(n, cqid) || nvme_used_cqid(n,
cqid))) {
trace_nvme_err_invalid_create_cq_cqid(cqid);
- return NVME_INVALID_CQID | NVME_DNR;
+ return NVME_INVALID_QID | NVME_DNR;
}
if (unlikely(!qsize || qsize > NVME_CAP_MQES(n->bar.cap))) {
trace_nvme_err_invalid_create_cq_size(qsize);
@@ -604,7 +614,7 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd)
trace_nvme_err_invalid_create_cq_addr(prp1);
return NVME_INVALID_FIELD | NVME_DNR;
}
- if (unlikely(vector > n->num_queues)) {
+ if (unlikely(vector >= n->num_queues)) {
trace_nvme_err_invalid_create_cq_vector(vector);
return NVME_INVALID_IRQ_VECTOR | NVME_DNR;
}
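Review bot: The corrected bound `vector >= n->num_queues` is only right if the device exposes exactly `n->num_queues` interrupt vectors, and nothing in this hunk shows where that count is set. Because `vector` comes from the guest command and is presumably used later to select an interrupt, the coupling deserves a comment at the check, for example `/* vectors are numbered 0..num_queues-1; keep in sync with the number of vectors allocated at init */`. nvme_create_cq starts and ends outside the hunk, so the allocation site should be confirmed against this bound.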
@@ -1091,7 +1101,7 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int
val)
NvmeCQueue *cq;
qid = (addr - (0x1000 + (1 << 2))) >> 3;
- if (unlikely(nvme_check_cqid(n, qid))) {
+ if (unlikely(!nvme_used_cqid(n, qid))) {
NVME_GUEST_ERR(nvme_ub_db_wr_invalid_cq,
"completion queue doorbell write"
" for nonexistent queue,"
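Review bot: The value checked by `nvme_used_cqid(n, qid)` may differ from the value used afterwards, because the helper takes a `uint16_t` while `qid` is computed here from the doorbell address with a shift; its declaration is outside the hunk. If `qid` is wider than 16 bits, a large offset would be truncated for the check but presumably used in full for the `n->cq[]` lookup, and the same applies to the `nvme_used_sqid(n, qid)` call in the submission-queue hunk that follows. Either confirm in a comment that the MMIO region size already bounds `qid`, or make the guard explicit, e.g. `if (unlikely(qid > UINT16_MAX || !nvme_used_cqid(n, qid))) {`.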
@@ -1129,7 +1139,7 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int
val)
NvmeSQueue *sq;
qid = (addr - 0x1000) >> 3;
- if (unlikely(nvme_check_sqid(n, qid))) {
+ if (unlikely(!nvme_used_sqid(n, qid))) {
NVME_GUEST_ERR(nvme_ub_db_wr_invalid_sq,
"submission queue doorbell write"
" for nonexistent queue,"
--
2.17.1