hw/nvme: error handling for too many mappings

If the number of PRP/SGL mappings exceed 1024, reads and writes will
fail because of an internal QEMU limitation of max 1024 vectors.

Signed-off-by: Padmakar Kalghatgi <p.kalghatgi@samsung.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
[k.jensen: changed the error message to be more generic]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
This commit is contained in:
Padmakar Kalghatgi 2021-07-09 07:58:40 +02:00 committed by Klaus Jensen
parent b0fde9e861
commit 234214734f
2 changed files with 14 additions and 0 deletions

View File

@ -623,6 +623,10 @@ static uint16_t nvme_map_addr(NvmeCtrl *n, NvmeSg *sg, hwaddr addr, size_t len)
return NVME_INVALID_USE_OF_CMB | NVME_DNR; return NVME_INVALID_USE_OF_CMB | NVME_DNR;
} }
if (sg->iov.niov + 1 > IOV_MAX) {
goto max_mappings_exceeded;
}
if (cmb) { if (cmb) {
return nvme_map_addr_cmb(n, &sg->iov, addr, len); return nvme_map_addr_cmb(n, &sg->iov, addr, len);
} else { } else {
@ -634,9 +638,18 @@ static uint16_t nvme_map_addr(NvmeCtrl *n, NvmeSg *sg, hwaddr addr, size_t len)
return NVME_INVALID_USE_OF_CMB | NVME_DNR; return NVME_INVALID_USE_OF_CMB | NVME_DNR;
} }
if (sg->qsg.nsg + 1 > IOV_MAX) {
goto max_mappings_exceeded;
}
qemu_sglist_add(&sg->qsg, addr, len); qemu_sglist_add(&sg->qsg, addr, len);
return NVME_SUCCESS; return NVME_SUCCESS;
max_mappings_exceeded:
NVME_GUEST_ERR(pci_nvme_ub_too_many_mappings,
"number of mappings exceed 1024");
return NVME_INTERNAL_DEV_ERROR | NVME_DNR;
} }
static inline bool nvme_addr_is_dma(NvmeCtrl *n, hwaddr addr) static inline bool nvme_addr_is_dma(NvmeCtrl *n, hwaddr addr)

View File

@ -199,3 +199,4 @@ pci_nvme_ub_db_wr_invalid_cqhead(uint32_t qid, uint16_t new_head) "completion qu
pci_nvme_ub_db_wr_invalid_sq(uint32_t qid) "submission queue doorbell write for nonexistent queue, sqid=%"PRIu32", ignoring" pci_nvme_ub_db_wr_invalid_sq(uint32_t qid) "submission queue doorbell write for nonexistent queue, sqid=%"PRIu32", ignoring"
pci_nvme_ub_db_wr_invalid_sqtail(uint32_t qid, uint16_t new_tail) "submission queue doorbell write value beyond queue size, sqid=%"PRIu32", new_head=%"PRIu16", ignoring" pci_nvme_ub_db_wr_invalid_sqtail(uint32_t qid, uint16_t new_tail) "submission queue doorbell write value beyond queue size, sqid=%"PRIu32", new_head=%"PRIu16", ignoring"
pci_nvme_ub_unknown_css_value(void) "unknown value in cc.css field" pci_nvme_ub_unknown_css_value(void) "unknown value in cc.css field"
pci_nvme_ub_too_many_mappings(void) "too many prp/sgl mappings"