qemu/hw/mem/nvdimm.c
David Hildenbrand 3a1258399b nvdimm: Reject writing label data to ROM instead of crashing QEMU
Currently, when using a true R/O NVDIMM (ROM memory backend) with a label
area, the VM can easily crash QEMU by trying to write to the label area,
because the ROM memory is mmap'ed without PROT_WRITE.

    [root@vm-0 ~]# ndctl disable-region region0
    disabled 1 region
    [root@vm-0 ~]# ndctl zero-labels nmem0
    -> QEMU segfaults

Let's remember whether we have a ROM memory backend and properly
reject the write request:

    [root@vm-0 ~]# ndctl disable-region region0
    disabled 1 region
    [root@vm-0 ~]# ndctl zero-labels nmem0
    zeroed 0 nmem

In comparison, on a system with a R/W NVDIMM:

    [root@vm-0 ~]# ndctl disable-region region0
    disabled 1 region
    [root@vm-0 ~]# ndctl zero-labels nmem0
    zeroed 1 nmem

For ACPI, just return "unsupported", as is done when no label exists. For
spapr, return "H_P2", similar to when no label area exists.

Could we rely on the "unarmed" property? Maybe, but it looks cleaner to
only disallow what certainly cannot work.

After all "unarmed=on" primarily means: cannot accept persistent writes. In
theory, there might be setups where devices with "unarmed=on" set could
be used to host non-persistent data (temporary files, system RAM, ...); for
example, in Linux, admins can overwrite the "readonly" setting and still
write to the device -- which will work as long as we're not using ROM.
Allowing writing label data in such configurations can make sense.

Message-ID: <20230906120503.359863-2-david@redhat.com>
Fixes: dbd730e85987 ("nvdimm: check -object memory-backend-file, readonly=on option")
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
2023-09-19 10:23:21 +02:00


/*
* Non-Volatile Dual In-line Memory Module Virtualization Implementation
*
* Copyright(C) 2015 Intel Corporation.
*
* Author:
* Xiao Guangrong <guangrong.xiao@linux.intel.com>
*
* Currently, it only supports PMEM Virtualization.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>
*/
#include "qemu/osdep.h"
#include "qemu/module.h"
#include "qemu/pmem.h"
#include "qapi/error.h"
#include "qapi/visitor.h"
#include "hw/mem/nvdimm.h"
#include "hw/qdev-properties.h"
#include "hw/mem/memory-device.h"
#include "sysemu/hostmem.h"
/*
 * QOM getter for the label-size property (registered in nvdimm_init()).
 *
 * A local copy of the size is visited, so the visitor is never handed a
 * pointer to the device field itself.
 */
static void nvdimm_get_label_size(Object *obj, Visitor *v, const char *name,
                                  void *opaque, Error **errp)
{
    uint64_t label_size = NVDIMM(obj)->label_size;

    visit_type_size(v, name, &label_size, errp);
}
/*
 * QOM setter for the label-size property.
 *
 * The value is refused once nvdimm_mr exists: the PMEM/label split and
 * label_data are derived from label_size when the region is prepared, so
 * changing it afterwards would desynchronise the bounds used by the label
 * read/write paths. Sizes below MIN_NAMESPACE_LABEL_SIZE are rejected too.
 */
static void nvdimm_set_label_size(Object *obj, Visitor *v, const char *name,
                                  void *opaque, Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(obj);
    uint64_t requested;

    /* Frozen after the memory region has been set up. */
    if (nvdimm->nvdimm_mr) {
        error_setg(errp, "cannot change property value");
        return;
    }

    /* The visitor reports its own error through errp. */
    if (!visit_type_size(v, name, &requested, errp)) {
        return;
    }

    if (requested >= MIN_NAMESPACE_LABEL_SIZE) {
        nvdimm->label_size = requested;
        return;
    }

    error_setg(errp, "Property '%s.%s' (0x%" PRIx64 ") is required"
               " at least 0x%lx", object_get_typename(obj), name, requested,
               MIN_NAMESPACE_LABEL_SIZE);
}
/*
 * QOM getter for the UUID property: formats nvdimm->uuid into a freshly
 * allocated string, passes it to the visitor, then releases it.
 */
static void nvdimm_get_uuid(Object *obj, Visitor *v, const char *name,
                            void *opaque, Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(obj);
    char *uuid_str = qemu_uuid_unparse_strdup(&nvdimm->uuid);

    visit_type_str(v, name, &uuid_str, errp);
    /* The string is owned here regardless of what the visitor reported. */
    g_free(uuid_str);
}
/*
 * QOM setter for the UUID property.
 *
 * The string obtained from the visitor is parsed directly into
 * nvdimm->uuid; a parse failure is reported through errp. The visited
 * string is freed on both the success and the failure path.
 */
static void nvdimm_set_uuid(Object *obj, Visitor *v, const char *name,
                            void *opaque, Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(obj);
    char *uuid_str;
    int rc;

    if (!visit_type_str(v, name, &uuid_str, errp)) {
        return;
    }

    rc = qemu_uuid_parse(uuid_str, &nvdimm->uuid);
    if (rc != 0) {
        error_setg(errp, "Property '%s.%s' has invalid value",
                   object_get_typename(obj), name);
    }

    g_free(uuid_str);
}
/*
 * Instance init: registers the two dynamic properties of an NVDIMM, each
 * with its getter/setter pair and no release hook or opaque pointer.
 */
static void nvdimm_init(Object *obj)
{
    /* Size of the label area carved out of the end of the backend. */
    object_property_add(obj, NVDIMM_LABEL_SIZE_PROP, "int",
                        nvdimm_get_label_size, nvdimm_set_label_size,
                        NULL, NULL);

    /* Device UUID, exchanged as a string. */
    object_property_add(obj, NVDIMM_UUID_PROP, "QemuUUID",
                        nvdimm_get_uuid, nvdimm_set_uuid,
                        NULL, NULL);
}
/*
 * Instance finalizer: frees the alias MemoryRegion allocated with g_new()
 * in nvdimm_prepare_memory_region(). The pointer is still NULL when the
 * region was never prepared, which g_free() accepts.
 */
static void nvdimm_finalize(Object *obj)
{
    g_free(NVDIMM(obj)->nvdimm_mr);
}
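/*
 * Split the host memory backend into the guest-visible PMEM range and the
 * trailing label area, and create the alias region that is mapped into the
 * guest.
 *
 * Backend layout, in bytes:
 *   [0, pmem_size)              PMEM alias, aligned down to the backend
 *                               alignment
 *   [size - label_size, size)   label area, reachable via nvdimm->label_data
 *
 * All validation happens before any device state is written: on failure
 * errp is set and label_data, readonly and nvdimm_mr are left untouched.
 * In particular, label_data is only computed once the backend is known to
 * be larger than the label area, so it never points outside the backend.
 *
 * Must only be called while nvdimm_mr is still unset (asserted).
 */
static void nvdimm_prepare_memory_region(NVDIMMDevice *nvdimm, Error **errp)
{
    PCDIMMDevice *dimm = PC_DIMM(nvdimm);
    uint64_t align, size;
    uint64_t pmem_size = 0;
    MemoryRegion *mr;

    g_assert(!nvdimm->nvdimm_mr);

    if (!dimm->hostmem) {
        error_setg(errp, "'" PC_DIMM_MEMDEV_PROP "' property must be set");
        return;
    }

    mr = host_memory_backend_get_memory(dimm->hostmem);
    align = memory_region_get_alignment(mr);
    size = memory_region_size(mr);

    /*
     * Subtract only when it cannot wrap. pmem_size stays 0 both when the
     * backend is not larger than the label area and when nothing is left
     * after aligning down; either case is rejected below.
     */
    if (size > nvdimm->label_size) {
        pmem_size = QEMU_ALIGN_DOWN(size - nvdimm->label_size, align);
    }

    if (!pmem_size) {
        HostMemoryBackend *hostmem = dimm->hostmem;

        error_setg(errp, "the size of memdev %s (0x%" PRIx64 ") is too "
                   "small to contain nvdimm label (0x%" PRIx64 ") and "
                   "aligned PMEM (0x%" PRIx64 ")",
                   object_get_canonical_path_component(OBJECT(hostmem)),
                   memory_region_size(mr), nvdimm->label_size, align);
        return;
    }

    /* A ROM backend cannot take persistent writes: require unarmed=on. */
    if (!nvdimm->unarmed && memory_region_is_rom(mr)) {
        HostMemoryBackend *hostmem = dimm->hostmem;

        error_setg(errp, "'unarmed' property must be 'on' since memdev %s "
                   "is read-only",
                   object_get_canonical_path_component(OBJECT(hostmem)));
        return;
    }

    /* The label area is the last label_size bytes of the backend. */
    nvdimm->label_data = memory_region_get_ram_ptr(mr) +
                         (size - nvdimm->label_size);

    /*
     * Remember ROM backends separately from 'unarmed': label writes must be
     * refused for ROM, whereas an unarmed device on writable memory can
     * still accept them.
     */
    if (memory_region_is_rom(mr)) {
        nvdimm->readonly = true;
    }

    nvdimm->nvdimm_mr = g_new(MemoryRegion, 1);
    memory_region_init_alias(nvdimm->nvdimm_mr, OBJECT(dimm),
                             "nvdimm-memory", mr, 0, pmem_size);
    memory_region_set_nonvolatile(nvdimm->nvdimm_mr, true);
    nvdimm->nvdimm_mr->align = align;
}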
/*
 * MemoryDeviceClass::get_memory_region hook.
 *
 * Returns the PMEM alias region, preparing it on first use. When the
 * preparation fails, the error is propagated to errp and NULL is returned.
 */
static MemoryRegion *nvdimm_md_get_memory_region(MemoryDeviceState *md,
                                                 Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(md);
    Error *err = NULL;

    /* Already prepared: nothing to do. */
    if (nvdimm->nvdimm_mr) {
        return nvdimm->nvdimm_mr;
    }

    nvdimm_prepare_memory_region(nvdimm, &err);
    if (err) {
        error_propagate(errp, err);
        return NULL;
    }

    return nvdimm->nvdimm_mr;
}
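/*
 * PCDIMMDeviceClass::realize hook.
 *
 * Prepares the PMEM/label split if that has not happened yet, then chains
 * to the optional NVDIMMClass::realize hook.
 *
 * If the preparation fails, the error is propagated and the subclass hook
 * is skipped: the device has no valid nvdimm_mr or label_data at that
 * point, and errp already holds an error that the hook must not overwrite.
 */
static void nvdimm_realize(PCDIMMDevice *dimm, Error **errp)
{
    NVDIMMDevice *nvdimm = NVDIMM(dimm);
    NVDIMMClass *ndc = NVDIMM_GET_CLASS(nvdimm);
    Error *local_err = NULL;

    if (!nvdimm->nvdimm_mr) {
        nvdimm_prepare_memory_region(nvdimm, &local_err);
        if (local_err) {
            error_propagate(errp, local_err);
            return;
        }
    }

    if (ndc->realize) {
        ndc->realize(nvdimm, errp);
    }
}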
/*
 * PCDIMMDeviceClass::unrealize hook: forwards to the optional
 * NVDIMMClass::unrealize hook when one is installed.
 */
static void nvdimm_unrealize(PCDIMMDevice *dimm)
{
    NVDIMMDevice *nvdimm = NVDIMM(dimm);
    NVDIMMClass *klass = NVDIMM_GET_CLASS(nvdimm);

    if (!klass->unrealize) {
        return;
    }
    klass->unrealize(nvdimm);
}
/*
 * The caller should check the input parameters before calling
 * label read/write functions.
 *
 * This helper does not return an error: every violated condition is an
 * assertion failure. It is therefore a backstop only, and requests that
 * originate from the guest have to be range-checked and rejected by the
 * caller before they get here.
 */
static void nvdimm_validate_rw_label_data(NVDIMMDevice *nvdimm, uint64_t size,
                                          uint64_t offset, bool is_write)
{
    /*
     * [offset, offset + size) must lie inside the label area, and the sum
     * must not wrap around. Note that size == 0 makes the second operand
     * false, so an empty request trips this assertion as well.
     */
    assert((nvdimm->label_size >= size + offset) && (offset + size > offset));
    /* Writes are never valid once the device has been marked readonly. */
    assert(!is_write || !nvdimm->readonly);
}
/*
 * NVDIMMClass::read_label_data implementation: copies size bytes starting
 * at offset within the label area into buf.
 *
 * The range is asserted by nvdimm_validate_rw_label_data(); buf must be
 * able to hold size bytes (not checked here).
 */
static void nvdimm_read_label_data(NVDIMMDevice *nvdimm, void *buf,
                                   uint64_t size, uint64_t offset)
{
    const void *src;

    nvdimm_validate_rw_label_data(nvdimm, size, offset, false);

    src = nvdimm->label_data + offset;
    memcpy(buf, src, size);
}
/*
 * NVDIMMClass::write_label_data implementation: copies size bytes from buf
 * into the label area at offset and marks the touched range of the backend
 * dirty.
 *
 * nvdimm_validate_rw_label_data() asserts both the range and that the
 * device is not readonly. A readonly (ROM-backed) label area cannot be
 * written at all, so callers are expected to refuse such requests with a
 * proper error before calling this; reaching the assertion aborts QEMU.
 */
static void nvdimm_write_label_data(NVDIMMDevice *nvdimm, const void *buf,
                                    uint64_t size, uint64_t offset)
{
    PCDIMMDevice *dimm = PC_DIMM(nvdimm);
    bool backend_is_pmem = object_property_get_bool(OBJECT(dimm->hostmem),
                                                    "pmem", NULL);
    MemoryRegion *backend_mr;
    uint64_t dirty_start;
    void *dst;

    nvdimm_validate_rw_label_data(nvdimm, size, offset, true);

    dst = nvdimm->label_data + offset;
    if (backend_is_pmem) {
        /* Backend advertises "pmem": use the persisting copy. */
        pmem_memcpy_persist(dst, buf, size);
    } else {
        memcpy(dst, buf, size);
    }

    /* The label area occupies the last label_size bytes of the backend. */
    backend_mr = host_memory_backend_get_memory(dimm->hostmem);
    dirty_start = memory_region_size(backend_mr) - nvdimm->label_size + offset;
    memory_region_set_dirty(backend_mr, dirty_start, size);
}
/* Static qdev properties of the NVDIMM device. */
static Property nvdimm_properties[] = {
    /*
     * "unarmed" defaults to false. nvdimm_prepare_memory_region() refuses a
     * ROM memory backend unless this is set to true.
     */
    DEFINE_PROP_BOOL(NVDIMM_UNARMED_PROP, NVDIMMDevice, unarmed, false),
    DEFINE_PROP_END_OF_LIST(),
};
/*
 * Class init: installs the NVDIMM implementations of the PC-DIMM,
 * memory-device and NVDIMM class hooks, registers the static properties
 * and tags the device as a storage device.
 */
static void nvdimm_class_init(ObjectClass *oc, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(oc);
    PCDIMMDeviceClass *ddc = PC_DIMM_CLASS(oc);
    MemoryDeviceClass *mdc = MEMORY_DEVICE_CLASS(oc);
    NVDIMMClass *nvc = NVDIMM_CLASS(oc);

    /* Device lifecycle. */
    ddc->realize = nvdimm_realize;
    ddc->unrealize = nvdimm_unrealize;

    /* Memory device interface. */
    mdc->get_memory_region = nvdimm_md_get_memory_region;

    /* Label area accessors used by the firmware-facing code. */
    nvc->read_label_data = nvdimm_read_label_data;
    nvc->write_label_data = nvdimm_write_label_data;

    device_class_set_props(dc, nvdimm_properties);
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
/* QOM type description: an NVDIMM is a specialised PC-DIMM. */
static const TypeInfo nvdimm_info = {
    .name              = TYPE_NVDIMM,
    .parent            = TYPE_PC_DIMM,

    /* Per-instance state and its constructor/destructor. */
    .instance_size     = sizeof(NVDIMMDevice),
    .instance_init     = nvdimm_init,
    .instance_finalize = nvdimm_finalize,

    /* Per-class state and its initialiser. */
    .class_size        = sizeof(NVDIMMClass),
    .class_init        = nvdimm_class_init,
};
/* Registers the NVDIMM type described by nvdimm_info. */
static void nvdimm_register_types(void)
{
    type_register_static(&nvdimm_info);
}
/* Hook the registration function into QEMU's type initialisation. */
type_init(nvdimm_register_types)