* [PULL for-6.0 0/2] emulated nvme fixes
From: Klaus Jensen @ 2021-03-29 17:04 UTC
  To: qemu-devel, Peter Maydell
  Cc: Kevin Wolf, qemu-block, Klaus Jensen, Max Reitz, Keith Busch,
	Klaus Jensen

From: Klaus Jensen <k.jensen@samsung.com>

Hi Peter,

The following changes since commit ec2e6e016d24bd429792d08cf607e4c5350dcdaa:

  Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging (2021-03-28 19:49:57 +0100)

are available in the Git repository at:

  git://git.infradead.org/qemu-nvme.git tags/nvme-fixes-for-6.0-pull-request

for you to fetch changes up to 3a69cadbef7af23a566dbe2400043c247c3d50ca:

  hw/block/nvme: fix ref counting in nvme_format_ns (2021-03-29 18:46:57 +0200)

----------------------------------------------------------------
emulated nvme fixes

----------------------------------------------------------------

Klaus Jensen (2):
  hw/block/nvme: fix resource leak in nvme_dif_rw
  hw/block/nvme: fix ref counting in nvme_format_ns

 hw/block/nvme-dif.c |  2 +-
 hw/block/nvme.c     | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

-- 
2.31.0




* [PULL for-6.0 1/2] hw/block/nvme: fix resource leak in nvme_dif_rw
From: Klaus Jensen @ 2021-03-29 17:04 UTC
  To: qemu-devel, Peter Maydell
  Cc: Kevin Wolf, qemu-block, Klaus Jensen, Gollu Appalanaidu,
	Max Reitz, Keith Busch, Klaus Jensen

From: Klaus Jensen <k.jensen@samsung.com>

If nvme_map_dptr() fails, nvme_dif_rw() will leak the bounce context.
Fix this by using the same error handling as everywhere else in the
function.

Reported-by: Coverity (CID 1451080)
Fixes: 146f720c5563 ("hw/block/nvme: end-to-end data protection")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
---
 hw/block/nvme-dif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/nvme-dif.c b/hw/block/nvme-dif.c
index 2038d724bda5..e6f04faafb5f 100644
--- a/hw/block/nvme-dif.c
+++ b/hw/block/nvme-dif.c
@@ -432,7 +432,7 @@ uint16_t nvme_dif_rw(NvmeCtrl *n, NvmeRequest *req)
 
     status = nvme_map_dptr(n, &req->sg, mapped_len, &req->cmd);
     if (status) {
-        return status;
+        goto err;
     }
 
     ctx->data.bounce = g_malloc(len);
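Review bot: the `goto err` that replaces `return status` after the nvme_map_dptr() call is only a correct fix if the `err` label, which is outside this hunk, frees the bounce context `ctx` and returns `status`; please confirm that in the full function. Note also that at this point `ctx->data.bounce` has not been allocated yet (the `g_malloc(len)` is the line after the check), so the cleanup at `err` must tolerate a NULL bounce buffer, which holds if the context is zero-initialised and released with g_free().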
-- 
2.31.0




* [PULL for-6.0 2/2] hw/block/nvme: fix ref counting in nvme_format_ns
From: Klaus Jensen @ 2021-03-29 17:04 UTC
  To: qemu-devel, Peter Maydell
  Cc: Kevin Wolf, qemu-block, Klaus Jensen, Gollu Appalanaidu,
	Max Reitz, Keith Busch, Klaus Jensen

From: Klaus Jensen <k.jensen@samsung.com>

Max noticed that since blk_aio_pwrite_zeroes() may invoke the callback
before returning, the callbacks will never see *count == 0 and thus
never free the count variable or decrement num_formats, causing a CQE to
never be posted.

Coverity (CID 1451082) also picked up on the fact that count would not
be freed if the namespace was of zero size.

Fix both of these issues by explicitly checking *count and finalize for
the given namespace if --(*count) is zero. Enqueuing a CQE if there are
no AIOs outstanding after this case is already handled by nvme_format()
by inspecting *num_formats.

Reported-by: Max Reitz <mreitz@redhat.com>
Reported-by: Coverity (CID 1451082)
Fixes: dc04d25e2f3f ("hw/block/nvme: add support for the format nvm command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
---
 hw/block/nvme.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 6842b01ab58b..c54ec3c9523c 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -5009,9 +5009,15 @@ static uint16_t nvme_format_ns(NvmeCtrl *n, NvmeNamespace *ns, uint8_t lbaf,
 
     }
 
-    (*count)--;
+    if (--(*count)) {
+        return NVME_NO_COMPLETE;
+    }
 
-    return NVME_NO_COMPLETE;
+    g_free(count);
+    ns->status = 0x0;
+    (*num_formats)--;
+
+    return NVME_SUCCESS;
 }
 
 static uint16_t nvme_format(NvmeCtrl *n, NvmeRequest *req)
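Review bot: the new early-completion path (`g_free(count);`, `ns->status = 0x0;`, `(*num_formats)--;`) duplicates the finalisation that, per the commit message, the AIO callbacks perform when they observe `*count == 0`; consider moving those statements into one small helper called from both places so the two paths cannot drift apart. A short comment at the `if (--(*count))` site would also help, stating that the counter can reach zero here either because blk_aio_pwrite_zeroes() ran its callback synchronously or because the namespace was of zero size, and that returning NVME_SUCCESS instead of NVME_NO_COMPLETE relies on nvme_format() (starting just below) posting the CQE only once *num_formats has dropped to zero.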
-- 
2.31.0




* Re: [PULL for-6.0 0/2] emulated nvme fixes
From: Peter Maydell @ 2021-03-30 12:08 UTC
  To: Klaus Jensen
  Cc: Kevin Wolf, Qemu-block, Klaus Jensen, QEMU Developers, Max Reitz,
	Keith Busch

On Mon, 29 Mar 2021 at 18:04, Klaus Jensen <its@irrelevant.dk> wrote:
>
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Hi Peter,
>
> The following changes since commit ec2e6e016d24bd429792d08cf607e4c5350dcdaa:
>
>   Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging (2021-03-28 19:49:57 +0100)
>
> are available in the Git repository at:
>
>   git://git.infradead.org/qemu-nvme.git tags/nvme-fixes-for-6.0-pull-request
>
> for you to fetch changes up to 3a69cadbef7af23a566dbe2400043c247c3d50ca:
>
>   hw/block/nvme: fix ref counting in nvme_format_ns (2021-03-29 18:46:57 +0200)
>
> ----------------------------------------------------------------
> emulated nvme fixes
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.0
for any user-visible changes.

-- PMM


