[PATCH] hw/nvme: fix validation of ASQ and ACQ

[PATCH] hw/nvme: fix validation of ASQ and ACQ

[Klaus Jensen]

From: Klaus Jensen <k.jensen@samsung.com>

Address 0x0 is a valid address. Fix the admin submission and completion
queue address validation to not error out on this.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
 hw/nvme/ctrl.c       | 8 --------
 hw/nvme/trace-events | 2 --
 2 files changed, 10 deletions(-)

diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index 6baf9e0420d5..ff784851137e 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -5623,14 +5623,6 @@ static int nvme_start_ctrl(NvmeCtrl *n)
         trace_pci_nvme_err_startfail_sq();
         return -1;
     }
-    if (unlikely(!asq)) {
-        trace_pci_nvme_err_startfail_nbarasq();
-        return -1;
-    }
-    if (unlikely(!acq)) {
-        trace_pci_nvme_err_startfail_nbaracq();
-        return -1;
-    }
     if (unlikely(asq & (page_size - 1))) {
         trace_pci_nvme_err_startfail_asq_misaligned(asq);
         return -1;
diff --git a/hw/nvme/trace-events b/hw/nvme/trace-events
index 430eeb395b24..ff6cafd520df 100644
--- a/hw/nvme/trace-events
+++ b/hw/nvme/trace-events
@@ -159,8 +159,6 @@ pci_nvme_err_invalid_setfeat(uint32_t dw10) "invalid set features, dw10=0x%"PRIx
 pci_nvme_err_invalid_log_page(uint16_t cid, uint16_t lid) "cid %"PRIu16" lid 0x%"PRIx16""
 pci_nvme_err_startfail_cq(void) "nvme_start_ctrl failed because there are non-admin completion queues"
 pci_nvme_err_startfail_sq(void) "nvme_start_ctrl failed because there are non-admin submission queues"
-pci_nvme_err_startfail_nbarasq(void) "nvme_start_ctrl failed because the admin submission queue address is null"
-pci_nvme_err_startfail_nbaracq(void) "nvme_start_ctrl failed because the admin completion queue address is null"
 pci_nvme_err_startfail_asq_misaligned(uint64_t addr) "nvme_start_ctrl failed because the admin submission queue address is misaligned: 0x%"PRIx64""
 pci_nvme_err_startfail_acq_misaligned(uint64_t addr) "nvme_start_ctrl failed because the admin completion queue address is misaligned: 0x%"PRIx64""
 pci_nvme_err_startfail_page_too_small(uint8_t log2ps, uint8_t maxlog2ps) "nvme_start_ctrl failed because the page size is too small: log2size=%u, min=%u"
-- 
2.32.0

Re: [PATCH] hw/nvme: fix validation of ASQ and ACQ

[Keith Busch]

On Mon, Aug 23, 2021 at 02:20:18PM +0200, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
> 
> Address 0x0 is a valid address. Fix the admin submission and completion
> queue address validation to not error out on this.

Indeed, there are environments that can use that address. It's a host error if
the controller was enabled with invalid queue addresses anyway. The controller
only needs to verify the lower bits are clear, which we do later.

Reviewed-by: Keith Busch <kbusch@kernel.org>

Re: [PATCH] hw/nvme: fix validation of ASQ and ACQ

[Klaus Jensen]

[-- Attachment #1: Type: text/plain, Size: 876 bytes --]

On Aug 23 19:47, Keith Busch wrote:
> On Mon, Aug 23, 2021 at 02:20:18PM +0200, Klaus Jensen wrote:
> > From: Klaus Jensen <k.jensen@samsung.com>
> > 
> > Address 0x0 is a valid address. Fix the admin submission and completion
> > queue address validation to not error out on this.
> 
> Indeed, there are environments that can use that address. It's a host error if
> the controller was enabled with invalid queue addresses anyway. The controller
> only needs to verify the lower bits are clear, which we do later.
> 
> Reviewed-by: Keith Busch <kbusch@kernel.org>
> 

Thanks Keith,

Yeah, I noticed this with a VFIO-based driver where the IOVAs typically
start at 0x0.

And yes, I specifically refrained from adding any other sanity checks on
the addresses. I.e., we could add a check for ASQ != ACQ, but who are we
to judge ;)

Applied to nvme-next!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]