Diffstat (limited to 'lib')
-rw-r--r-- | lib/common.h | 1 | ||||
-rw-r--r-- | lib/dma.c | 11 | ||||
-rw-r--r-- | lib/dma.h | 3 | ||||
-rw-r--r-- | lib/libvfio-user.c | 7 | ||||
-rw-r--r-- | lib/private.h | 10 |
5 files changed, 24 insertions, 8 deletions
diff --git a/lib/common.h b/lib/common.h index a56a0f0..599759f 100644 --- a/lib/common.h +++ b/lib/common.h @@ -43,6 +43,7 @@ #define UNUSED __attribute__((unused)) #define EXPORT __attribute__((visibility("default"))) +#define ONE_TB (1024UL * 1024 * 1024 * 1024) #define PAGE_SIZE (size_t)sysconf(_SC_PAGE_SIZE) #define PAGE_ALIGNED(x) (((x) & ((typeof(x))(PAGE_SIZE) - 1)) == 0) @@ -71,7 +71,7 @@ fds_are_same_file(int fd1, int fd2) } dma_controller_t * -dma_controller_create(vfu_ctx_t *vfu_ctx, int max_regions) +dma_controller_create(vfu_ctx_t *vfu_ctx, size_t max_regions, size_t max_size) { dma_controller_t *dma; @@ -83,7 +83,8 @@ dma_controller_create(vfu_ctx_t *vfu_ctx, int max_regions) } dma->vfu_ctx = vfu_ctx; - dma->max_regions = max_regions; + dma->max_regions = (int)max_regions; + dma->max_size = max_size; dma->nregions = 0; memset(dma->regions, 0, max_regions * sizeof(dma->regions[0])); dma->dirty_pgsize = 0; @@ -298,6 +299,12 @@ MOCK_DEFINE(dma_controller_add_region)(dma_controller_t *dma, snprintf(rstr, sizeof(rstr), "[%p, %p) fd=%d offset=%#lx prot=%#x", dma_addr, (char *)dma_addr + size, fd, offset, prot); + if (size > dma->max_size) { + vfu_log(dma->vfu_ctx, LOG_ERR, "DMA region size %zu > max %zu", + size, dma->max_size); + return ERROR_INT(ENOSPC); + } + for (idx = 0; idx < dma->nregions; idx++) { region = &dma->regions[idx]; @@ -92,6 +92,7 @@ typedef struct { typedef struct dma_controller { int max_regions; + size_t max_size; int nregions; struct vfu_ctx *vfu_ctx; size_t dirty_pgsize; // Dirty page granularity @@ -99,7 +100,7 @@ typedef struct dma_controller { } dma_controller_t; dma_controller_t * -dma_controller_create(vfu_ctx_t *vfu_ctx, int max_regions); +dma_controller_create(vfu_ctx_t *vfu_ctx, size_t max_regions, size_t max_size); void dma_controller_remove_all_regions(dma_controller_t *dma, diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c index c569714..452b15f 100644 --- a/lib/libvfio-user.c +++ b/lib/libvfio-user.c 
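Review bot: `ONE_TB` in lib/common.h is built from `1024UL`, so its value depends on the width of `unsigned long`. Where that type is 32 bits the product wraps to 0, and `MAX_DMA_SIZE` in lib/private.h (`8 * ONE_TB`) would then be 0, so the new `size > dma->max_size` check in lib/dma.c would reject every region. Writing it as `#define ONE_TB (1024ULL * 1024 * 1024 * 1024)` removes that dependency. If only 64-bit targets are supported, a `_Static_assert(sizeof(size_t) >= 8, "64-bit size_t required");` beside the macro would state the assumption explicitly.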
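Review bot: In `dma_controller_create` the count now arrives as `size_t` but is stored with `dma->max_regions = (int)max_regions;`, while the `memset` two lines below still uses the unnarrowed `max_regions`. The two agree for the only caller shown on this page (`MAX_DMA_REGIONS`), but a value above `INT_MAX` would truncate the stored limit while the memset length stays full width. Either change the `max_regions` field of `struct dma_controller` to `size_t`, or add `assert(max_regions <= INT_MAX);` before the cast. The allocation that sizes `dma->regions` lies outside the hunk.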
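Review bot: The new limit in `dma_controller_add_region` bounds `size` but not the end address. `(char *)dma_addr + size` is already computed in the `snprintf` above the check, and it can still wrap for a high `dma_addr` even when `size <= dma->max_size`. Unless a caller outside this hunk already rejects that, add `if ((uintptr_t)dma_addr + size < (uintptr_t)dma_addr) { return ERROR_INT(EINVAL); }` next to the size check. The log line also omits `rstr`, which was formatted just above, so a rejected request cannot be tied to a region; `"DMA region %s: size %zu > max %zu"` with `rstr` as the first argument would fix that. The function body starts and continues outside the hunk.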
@@ -671,9 +671,7 @@ handle_dirty_pages_get(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg) return -1; } - /* - * FIXME: this is unbounded until we can limit the maximum DMA region size. - */ + /* NB: this is bound by MAX_DMA_SIZE. */ argsz = sizeof(*dirty_pages_out) + sizeof(*range_out) + range_in->bitmap.size; @@ -1506,7 +1504,8 @@ vfu_setup_device_dma(vfu_ctx_t *vfu_ctx, vfu_dma_register_cb_t *dma_register, assert(vfu_ctx != NULL); // Create the internal DMA controller. - vfu_ctx->dma = dma_controller_create(vfu_ctx, VFU_DMA_REGIONS); + vfu_ctx->dma = dma_controller_create(vfu_ctx, MAX_DMA_REGIONS, + MAX_DMA_SIZE); if (vfu_ctx->dma == NULL) { return ERROR_INT(errno); } diff --git a/lib/private.h b/lib/private.h index c9a8af7..c7c0627 100644 --- a/lib/private.h +++ b/lib/private.h @@ -35,8 +35,16 @@ #include <errno.h> -#include "pci_caps.h" #include "common.h" +#include "pci_caps.h" + +/* + * The main reason we limit the size of an individual DMA region from the client + * is to limit the size of the dirty bitmaps: this corresponds to 256MB at a 4K + * page size. + */ +#define MAX_DMA_SIZE (8 * ONE_TB) +#define MAX_DMA_REGIONS 16 #define SERVER_MAX_MSG_SIZE 65536 |
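Review bot: The replacement comment in `handle_dirty_pages_get` says `argsz` is bounded by `MAX_DMA_SIZE`, but the visible lines add `range_in->bitmap.size` without comparing it to anything. The limit this commit introduces applies to region sizes at registration, not to this field. If `range_in` is parsed from the client's message, as its name suggests, the bound holds only where `bitmap.size` is checked against the region's expected bitmap size, and that check is outside the hunk. Either name that check in the comment, e.g. `/* NB: bounded once bitmap.size is validated against the region (at most 256MB, see MAX_DMA_SIZE). */`, or reject an oversized `bitmap.size` before computing `argsz`.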