From nobody Tue Nov 19 21:17:03 2024
Date: Tue, 19 Nov 2024 21:17:03 GMT
Message-Id: <202411192117.4AJLH39w092348@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 2be68ecff81b - stable/13 - bhyve ahci: Improve robustness of TRIM handling
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 2be68ecff81b1cd7268b0d6436f4d6fa206fc2fa
Auto-Submitted: auto-generated

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=2be68ecff81b1cd7268b0d6436f4d6fa206fc2fa

commit 2be68ecff81b1cd7268b0d6436f4d6fa206fc2fa
Author:     John Baldwin
AuthorDate: 2024-10-24 14:18:09 +0000
Commit:     Ed Maste
CommitDate: 2024-11-19 17:38:10 +0000

    bhyve ahci: Improve robustness of TRIM handling

    The previous fix for a stack buffer leak in the ahci device model
    actually broke the handling of TRIM as one of the checks it added
    caused TRIM commands to never be completed.  This resulted in
    command timeouts if a guest OS did a 'newfs -E' of an AHCI disk, for
    example.  Also, for the invalid case the previous check was
    handling, the device model should be failing with an error rather
    than claiming success.

    To resolve this, validate the length of a TRIM request and fail with
    an error if it exceeds the maximum number of supported blocks
    advertised via IDENTIFY.  In addition, if the PRDT does not provide
    enough data, fail the command with an error rather than performing a
    partial completion.

    This is somewhat complicated by the implementation of TRIM in the
    ahci device model.  A single TRIM request can specify multiple LBA
    ranges.  The device model handles this by dispatching
    blockif_delete() requests one at a time.
    When a blockif_delete() request completes, the device model locates
    the TRIM buffer and searches for the next LBA range to handle.

    Previously, the device model would re-read the trim buffer from
    guest memory each time.  However, this was subject to some
    unpleasant races if the guest changed the PRDT entries or CFIS while
    a command was in flight.  Instead, read the buffer of trim ranges
    once and cache it across multiple internal blockif requests.

    Reviewed by:    mav
    Fixes:          71fa171c6480 bhyve: Initialize stack buffer in pci_ahci
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47224

    (cherry picked from commit 8c8ebbb045185396083cd3e4d333fe1851930ee7)
    (cherry picked from commit 3981cf108773d6b29c8e100bc3b4a105eae681ec)

--- usr.sbin/bhyve/pci_ahci.c | 145 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 95 insertions(+), 50 deletions(-) diff --git a/usr.sbin/bhyve/pci_ahci.c b/usr.sbin/bhyve/pci_ahci.c index 33ca389944f8..67c13a043e02 100644 --- a/usr.sbin/bhyve/pci_ahci.c +++ b/usr.sbin/bhyve/pci_ahci.c @@ -126,6 +126,7 @@ struct ahci_ioreq { STAILQ_ENTRY(ahci_ioreq) io_flist; TAILQ_ENTRY(ahci_ioreq) io_blist; uint8_t *cfis; + uint8_t *dsm; uint32_t len; uint32_t done; int slot; @@ -213,6 +214,8 @@ struct pci_ahci_softc { }; #define ahci_ctx(sc) ((sc)->asc_pi->pi_vmctx) +static void ahci_handle_next_trim(struct ahci_port *p, int slot, uint8_t *cfis, + uint8_t *buf, uint32_t len, uint32_t done); static void ahci_handle_port(struct ahci_port *p); static inline void lba_to_msf(uint8_t *buf, int lba) 
@@ -812,18 +815,14 @@ read_prdt(struct ahci_port *p, int slot, uint8_t *cfis, void *buf, } static void -ahci_handle_dsm_trim(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done) +ahci_handle_dsm_trim(struct ahci_port *p, int slot, uint8_t *cfis) { - struct ahci_ioreq *aior; - struct blockif_req *breq; - uint8_t *entry; - uint64_t elba; - uint32_t len, elen; - int err, first, ncq; - uint8_t buf[512]; - unsigned int written; + uint32_t len; + int ncq; + uint8_t *buf; + unsigned int nread; - first = (done == 0); + buf = NULL; if (cfis[2] == ATA_DATA_SET_MANAGEMENT) { len = (uint16_t)cfis[13] << 8 | cfis[12]; len *= 512; 
@@ -833,39 +832,84 @@ ahci_handle_dsm_trim(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done len *= 512; ncq = 1; } - written = read_prdt(p, slot, cfis, buf, sizeof(buf)); - memset(buf + written, 0, sizeof(buf) - written); -next: - if (done >= sizeof(buf) - 8) - return; - entry = &buf[done]; - elba = ((uint64_t)entry[5] << 40) | - ((uint64_t)entry[4] << 32) | - ((uint64_t)entry[3] << 24) | - ((uint64_t)entry[2] << 16) | - ((uint64_t)entry[1] << 8) | - entry[0]; - elen = (uint16_t)entry[7] << 8 | entry[6]; - done += 8; - if (elen == 0) { - if (done >= len) { - if (ncq) { - if (first) - ahci_write_fis_d2h_ncq(p, slot); - ahci_write_fis_sdb(p, slot, cfis, - ATA_S_READY | ATA_S_DSC); - } else { - ahci_write_fis_d2h(p, slot, cfis, - ATA_S_READY | ATA_S_DSC); - } + /* Support for only a single block is advertised via IDENTIFY. */ + if (len > 512) { + goto invalid_command; + } + + buf = malloc(len); + nread = read_prdt(p, slot, cfis, buf, len); + if (nread != len) { + goto invalid_command; + } + ahci_handle_next_trim(p, slot, cfis, buf, len, 0); + return; + +invalid_command: + free(buf); + if (ncq) { + ahci_write_fis_d2h_ncq(p, slot); + ahci_write_fis_sdb(p, slot, cfis, + (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); + } else { + ahci_write_fis_d2h(p, slot, cfis, + (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); + } +} + +static void +ahci_handle_next_trim(struct ahci_port *p, int slot, uint8_t *cfis, + uint8_t *buf, uint32_t len, uint32_t done) +{ + struct ahci_ioreq *aior; + struct blockif_req *breq; + uint8_t *entry; + uint64_t elba; + uint32_t elen; + int err; + bool first, ncq; + + first = (done == 0); + if (cfis[2] == ATA_DATA_SET_MANAGEMENT) { + ncq = false; + } else { /* ATA_SEND_FPDMA_QUEUED */ + ncq = true; + } + + /* Find the next range to TRIM. 
*/ + while (done < len) { + entry = &buf[done]; + elba = ((uint64_t)entry[5] << 40) | + ((uint64_t)entry[4] << 32) | + ((uint64_t)entry[3] << 24) | + ((uint64_t)entry[2] << 16) | + ((uint64_t)entry[1] << 8) | + entry[0]; + elen = (uint16_t)entry[7] << 8 | entry[6]; + done += 8; + if (elen != 0) + break; + } + + /* All remaining ranges were empty. */ + if (done == len) { + free(buf); + if (ncq) { + if (first) + ahci_write_fis_d2h_ncq(p, slot); + ahci_write_fis_sdb(p, slot, cfis, + ATA_S_READY | ATA_S_DSC); + } else { + ahci_write_fis_d2h(p, slot, cfis, + ATA_S_READY | ATA_S_DSC); + } + if (!first) { p->pending &= ~(1 << slot); ahci_check_stopped(p); - if (!first) - ahci_handle_port(p); - return; + ahci_handle_port(p); } - goto next; + return; } /* @@ -878,6 +922,7 @@ next: aior->slot = slot; aior->len = len; aior->done = done; + aior->dsm = buf; aior->more = (len != done); breq = &aior->io_req; @@ -1755,7 +1800,7 @@ ahci_handle_cmd(struct ahci_port *p, int slot, uint8_t *cfis) case ATA_DATA_SET_MANAGEMENT: if (cfis[11] == 0 && cfis[3] == ATA_DSM_TRIM && cfis[13] == 0 && cfis[12] == 1) { - ahci_handle_dsm_trim(p, slot, cfis, 0); + ahci_handle_dsm_trim(p, slot, cfis); break; } ahci_write_fis_d2h(p, slot, cfis, @@ -1765,7 +1810,7 @@ ahci_handle_cmd(struct ahci_port *p, int slot, uint8_t *cfis) if ((cfis[13] & 0x1f) == ATA_SFPDMA_DSM && cfis[17] == 0 && cfis[16] == ATA_DSM_TRIM && cfis[11] == 0 && cfis[3] == 1) { - ahci_handle_dsm_trim(p, slot, cfis, 0); + ahci_handle_dsm_trim(p, slot, cfis); break; } ahci_write_fis_d2h(p, slot, cfis, @@ -1903,12 +1948,12 @@ ata_ioreq_cb(struct blockif_req *br, int err) struct ahci_port *p; struct pci_ahci_softc *sc; uint32_t tfd; - uint8_t *cfis; - int slot, ncq, dsm; + uint8_t *cfis, *dsm; + int slot, ncq; DPRINTF("%s %d", __func__, err); - ncq = dsm = 0; + ncq = 0; aior = br->br_param; p = aior->io_pr; cfis = aior->cfis; 
@@ -1920,10 +1965,8 @@ ata_ioreq_cb(struct blockif_req *br, int err) cfis[2] == ATA_READ_FPDMA_QUEUED || cfis[2] == ATA_SEND_FPDMA_QUEUED) ncq = 1; - if (cfis[2] == ATA_DATA_SET_MANAGEMENT || - (cfis[2] == ATA_SEND_FPDMA_QUEUED && - (cfis[13] & 0x1f) == ATA_SFPDMA_DSM)) - dsm = 1; + dsm = aior->dsm; + aior->dsm = NULL; pthread_mutex_lock(&sc->mtx); @@ -1941,8 +1984,9 @@ ata_ioreq_cb(struct blockif_req *br, int err) hdr->prdbc = aior->done; if (!err && aior->more) { - if (dsm) - ahci_handle_dsm_trim(p, slot, cfis, aior->done); + if (dsm != NULL) + ahci_handle_next_trim(p, slot, cfis, dsm, + aior->len, aior->done); else ahci_handle_rw(p, slot, cfis, aior->done); goto out; @@ -1964,6 +2008,7 @@ ata_ioreq_cb(struct blockif_req *br, int err) ahci_check_stopped(p); ahci_handle_port(p); + free(dsm); out: pthread_mutex_unlock(&sc->mtx); DPRINTF("%s exit", __func__);
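
Review bot: In the "@@ -833,39 +832,84 @@" hunk, the "if (done == len)" test that follows the "Find the next range to TRIM" loop in ahci_handle_next_trim() cannot distinguish "every remaining entry was empty" from "the last 8-byte entry was non-empty", because "done += 8" runs before "if (elen != 0) break;". When the final entry of the buffer carries a non-zero length, the loop exits with done == len and the command is completed with ATA_S_READY | ATA_S_DSC without that range being dispatched; the removed code only took the completion branch when elen == 0. Suggest initialising elen to 0 before the loop and testing "elen == 0" in place of "done == len". In the same hunk, the result of "buf = malloc(len);" in ahci_handle_dsm_trim() is handed to read_prdt() unchecked; a NULL test that jumps to invalid_command would fit, since that label already calls free(buf).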
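
Review bot: In the ata_ioreq_cb() hunks, ownership of the cached TRIM buffer is left implicit and deserves a comment. The callback takes the buffer with "dsm = aior->dsm; aior->dsm = NULL;", hands it to ahci_handle_next_trim() on the "!err && aior->more" path, and on every other path relies on the "free(dsm);" placed directly above the "out:" label, which the "goto out" skips on purpose. A short comment on the new "uint8_t *dsm;" member of struct ahci_ioreq, or at the goto, stating that ahci_handle_next_trim() consumes the buffer would keep a later change from moving the free below "out:" and releasing memory that is still referenced or already freed.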