On Tue, Jun 01, 2021 at 08:07:48PM +0530, Gollu Appalanaidu wrote:
> @@ -5546,6 +5665,47 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset,
> uint64_t data,
> NVME_GUEST_ERR(pci_nvme_ub_mmiowr_cmbsz_readonly,
> "invalid write to read only CMBSZ, ignored");
> return;
> + case 0x44: /* BPRSEL */
> + n->bar.bprsel = data & 0xffffffff;
> + size_t bp_len = NVME_BPRSEL_BPRSZ(n->bar.bprsel) * 4 * KiB;
> + int64_t bp_offset = NVME_BPRSEL_BPROF(n->bar.bprsel) * 4 * KiB;
> + int64_t off = 0;
> + struct nvme_bp_read_ctx *ctx;
> +
> + trace_pci_nvme_mmio_bprsel(data, n->bar.bprsel,
> + NVME_BPRSEL_BPID(n->bar.bpinfo),
> + bp_offset, bp_len);
> +
> + if (bp_len + bp_offset > n->bp_size) {
> + NVME_BPINFO_CLEAR_BRS(n->bar.bpinfo);
> + NVME_BPINFO_SET_BRS(n->bar.bpinfo, NVME_BPINFO_BRS_ERROR);
> + return;
> + }
> +
> + off = NVME_BPRSEL_BPID(n->bar.bpinfo) * n->bp_size + bp_offset;
> +
> + NVME_BPINFO_CLEAR_BRS(n->bar.bpinfo);
> + NVME_BPINFO_SET_BRS(n->bar.bpinfo, NVME_BPINFO_BRS_READING);
> +
> + ctx = g_new(struct nvme_bp_read_ctx, 1);
> +
> + ctx->n = n;
> +
> + pci_dma_sglist_init(&ctx->qsg, &n->parent_obj, 1);
> +
> + qemu_sglist_add(&ctx->qsg, n->bar.bpmbl, bp_len);
> +
> + dma_blk_read(n->blk_bp, &ctx->qsg, off , BDRV_SECTOR_SIZE,
> + nvme_bp_read_cb, ctx);

The returned BlockAIOCB is not stored. Two questions:

1. Can the guest allocate unbounded amounts of QEMU memory (struct nvme_bp_read_ctx) by repeatedly writing to this register?

2. What happens if the NVMe device is hot unplugged or reset while a boot partition read request is in flight?
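Review bot: nothing in this case checks the current BRS state before starting a new read, so a second BPRSEL write while BRS is still NVME_BPINFO_BRS_READING (set at `NVME_BPINFO_SET_BRS(n->bar.bpinfo, NVME_BPINFO_BRS_READING);`) allocates another ctx and issues another dma_blk_read into the same BPMBL buffer. Suggest reading the BRS field at the top of the case and ignoring (or flagging with NVME_GUEST_ERR, as the CMBSZ case above does) a BPRSEL write while a read is in flight; that also bounds outstanding `g_new(struct nvme_bp_read_ctx, 1)` allocations to one. Two smaller points: the bounds check only rejects `bp_len + bp_offset > n->bp_size`, so a BPRSZ of 0 still reaches dma_blk_read with a zero-length sglist and should probably be rejected up front; and `off , BDRV_SECTOR_SIZE` has a stray space before the comma.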