limit max DMA region size (#545)

Since the dirty bitmap in message replies is allocated based upon the maximum
size of an individual region, add a limit (somewhat arbitrarily 8TiB, which is a
bitmap size of 256MiB). Add a couple of basic tests on the two DMA limits.

Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/lib/dma.c b/lib/dma.c
index 32014f0..b76c18c 100644
--- a/lib/dma.c
+++ b/lib/dma.c
@@ -71,7 +71,7 @@ fds_are_same_file(int fd1, int fd2)
 }
 
 dma_controller_t *
-dma_controller_create(vfu_ctx_t *vfu_ctx, int max_regions)
+dma_controller_create(vfu_ctx_t *vfu_ctx, size_t max_regions, size_t max_size)
 {
     dma_controller_t *dma;
 
@@ -83,7 +83,8 @@ dma_controller_create(vfu_ctx_t *vfu_ctx, int max_regions)
     }
 
     dma->vfu_ctx = vfu_ctx;
-    dma->max_regions = max_regions;
+    dma->max_regions = (int)max_regions;
+    dma->max_size = max_size;
     dma->nregions = 0;
     memset(dma->regions, 0, max_regions * sizeof(dma->regions[0]));
     dma->dirty_pgsize = 0;
@@ -298,6 +299,12 @@ MOCK_DEFINE(dma_controller_add_region)(dma_controller_t *dma,
     snprintf(rstr, sizeof(rstr), "[%p, %p) fd=%d offset=%#lx prot=%#x",
              dma_addr, (char *)dma_addr + size, fd, offset, prot);
 
+    if (size > dma->max_size) {
+        vfu_log(dma->vfu_ctx, LOG_ERR, "DMA region size %zu > max %zu",
+                size, dma->max_size);
+        return ERROR_INT(ENOSPC);
+    }
+
     for (idx = 0; idx < dma->nregions; idx++) {
         region = &dma->regions[idx];