diff mbox series

[kvmtool,04/16] Check that a PCI device's memory size is power of two

Message ID 20191125103033.22694-5-alexandru.elisei@arm.com (mailing list archive)
State New, archived
Headers show
Series Add writable BARs and PCIE 1.1 support | expand

Commit Message

Alexandru Elisei Nov. 25, 2019, 10:30 a.m. UTC 
According to the PCI local bus specification [1], a device's memory size
must be a power of two. This is also implicit in the mechanism that a CPU
uses to get the memory size requirement for a PCI device.

The vesa device requests a memory size that isn't a power of two.
According to the same spec [1], a device is allowed to consume more memory
than it actually requires. As a result, the amount of memory that the vesa
device now reserves has been increased.

To prevent slip-ups in the future, a few BUILD_BUG_ON statements were added
in places where the memory size is known at compile time.

[1] PCI Local Bus Specification Revision 3.0, section 6.2.5.1

Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
---
 hw/vesa.c          | 2 ++
 include/kvm/util.h | 2 ++
 include/kvm/vesa.h | 6 +++++-
 vfio/pci.c         | 5 +++++
 virtio/pci.c       | 3 +++
 5 files changed, 17 insertions(+), 1 deletion(-)

Comments

Andre Przywara Nov. 27, 2019, 6:25 p.m. UTC | #1 
On Mon, 25 Nov 2019 10:30:21 +0000
Alexandru Elisei <alexandru.elisei@arm.com> wrote:

Hi,

> According to the PCI local bus specification [1], a device's memory size
> must be a power of two. This is also implicit in the mechanism that a CPU
> uses to get the memory size requirement for a PCI device.
> 
> The vesa device requests a memory size that isn't a power of two.
> According to the same spec [1], a device is allowed to consume more memory
> than it actually requires. As a result, the amount of memory that the vesa
> device now reserves has been increased.
> 
> To prevent slip-ups in the future, a few BUILD_BUG_ON statements were added
> in places where the memory size is known at compile time.
> 
> [1] PCI Local Bus Specification Revision 3.0, section 6.2.5.1
> 
> Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
> ---
>  hw/vesa.c          | 2 ++
>  include/kvm/util.h | 2 ++
>  include/kvm/vesa.h | 6 +++++-
>  vfio/pci.c         | 5 +++++
>  virtio/pci.c       | 3 +++
>  5 files changed, 17 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/vesa.c b/hw/vesa.c
> index f3c5114cf4fe..75670a51be5f 100644
> --- a/hw/vesa.c
> +++ b/hw/vesa.c
> @@ -58,6 +58,8 @@ struct framebuffer *vesa__init(struct kvm *kvm)
>  	char *mem;
>  	int r;
>  
> +	BUILD_BUG_ON(!is_power_of_two(VESA_MEM_SIZE));
> +
>  	if (!kvm->cfg.vnc && !kvm->cfg.sdl && !kvm->cfg.gtk)
>  		return NULL;
>  
> diff --git a/include/kvm/util.h b/include/kvm/util.h
> index 4ca7aa9392b6..e90f1c2db39f 100644
> --- a/include/kvm/util.h
> +++ b/include/kvm/util.h
> @@ -104,6 +104,8 @@ static inline unsigned long roundup_pow_of_two(unsigned long x)
>  	return x ? 1UL << fls_long(x - 1) : 0;
>  }
>  
> +#define is_power_of_two(x)	((x) ? ((x) & ((x) - 1)) == 0 : 0)

This gives weird results for negative values (which the kernel avoids by having this a static inline and using an unsigned type).
Not sure we care, but maybe (x > 0) ? ... would fix this?

> +
>  struct kvm;
>  void *mmap_hugetlbfs(struct kvm *kvm, const char *htlbfs_path, u64 size);
>  void *mmap_anon_or_hugetlbfs(struct kvm *kvm, const char *hugetlbfs_path, u64 size);
> diff --git a/include/kvm/vesa.h b/include/kvm/vesa.h
> index 0fac11ab5a9f..e7d971343642 100644
> --- a/include/kvm/vesa.h
> +++ b/include/kvm/vesa.h
> @@ -5,8 +5,12 @@
>  #define VESA_HEIGHT	480
>  
>  #define VESA_MEM_ADDR	0xd0000000
> -#define VESA_MEM_SIZE	(4*VESA_WIDTH*VESA_HEIGHT)
>  #define VESA_BPP	32
> +/*
> + * We actually only need VESA_BPP/8*VESA_WIDTH*VESA_HEIGHT bytes. But the memory
> + * size must be a power of 2, so we round up.
> + */
> +#define VESA_MEM_SIZE	(1 << 21)

I don't think it's worth calculating the value and rounding it up, but can we have a BUILD_BUG checking that VESA_MEM_SIZE is big enough to hold the framebuffer?

Cheers,
Andre

>  
>  struct kvm;
>  struct biosregs;
> diff --git a/vfio/pci.c b/vfio/pci.c
> index 76e24c156906..914732cc6897 100644
> --- a/vfio/pci.c
> +++ b/vfio/pci.c
> @@ -831,6 +831,11 @@ static int vfio_pci_configure_bar(struct kvm *kvm, struct vfio_device *vdev,
>  	/* Ignore invalid or unimplemented regions */
>  	if (!region->info.size)
>  		return 0;
> +	if (!is_power_of_two(region->info.size)) {
> +		vfio_dev_err(vdev, "region is not power of two: 0x%llx",
> +			     region->info.size);
> +		return -EINVAL;
> +	}
>  
>  	if (pdev->irq_modes & VFIO_PCI_IRQ_MODE_MSIX) {
>  		/* Trap and emulate MSI-X table */
> diff --git a/virtio/pci.c b/virtio/pci.c
> index 99653cad2c0f..04e801827df9 100644
> --- a/virtio/pci.c
> +++ b/virtio/pci.c
> @@ -435,6 +435,9 @@ int virtio_pci__init(struct kvm *kvm, void *dev, struct virtio_device *vdev,
>  	vpci->kvm = kvm;
>  	vpci->dev = dev;
>  
> +	BUILD_BUG_ON(!is_power_of_two(IOPORT_SIZE));
> +	BUILD_BUG_ON(!is_power_of_two(PCI_IO_SIZE));
> +
>  	r = ioport__register(kvm, IOPORT_EMPTY, &virtio_pci__io_ops, IOPORT_SIZE, vdev);
>  	if (r < 0)
>  		return r;
Alexandru Elisei Jan. 15, 2020, 12:43 p.m. UTC | #2 
Hi,

On 11/27/19 6:25 PM, Andre Przywara wrote:
> On Mon, 25 Nov 2019 10:30:21 +0000
> Alexandru Elisei <alexandru.elisei@arm.com> wrote:
>
> Hi,
>
>> According to the PCI local bus specification [1], a device's memory size
>> must be a power of two. This is also implicit in the mechanism that a CPU
>> uses to get the memory size requirement for a PCI device.
>>
>> The vesa device requests a memory size that isn't a power of two.
>> According to the same spec [1], a device is allowed to consume more memory
>> than it actually requires. As a result, the amount of memory that the vesa
>> device now reserves has been increased.
>>
>> To prevent slip-ups in the future, a few BUILD_BUG_ON statements were added
>> in places where the memory size is known at compile time.
>>
>> [1] PCI Local Bus Specification Revision 3.0, section 6.2.5.1
>>
>> Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
>> ---
>>  hw/vesa.c          | 2 ++
>>  include/kvm/util.h | 2 ++
>>  include/kvm/vesa.h | 6 +++++-
>>  vfio/pci.c         | 5 +++++
>>  virtio/pci.c       | 3 +++
>>  5 files changed, 17 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/vesa.c b/hw/vesa.c
>> index f3c5114cf4fe..75670a51be5f 100644
>> --- a/hw/vesa.c
>> +++ b/hw/vesa.c
>> @@ -58,6 +58,8 @@ struct framebuffer *vesa__init(struct kvm *kvm)
>>  	char *mem;
>>  	int r;
>>  
>> +	BUILD_BUG_ON(!is_power_of_two(VESA_MEM_SIZE));
>> +
>>  	if (!kvm->cfg.vnc && !kvm->cfg.sdl && !kvm->cfg.gtk)
>>  		return NULL;
>>  
>> diff --git a/include/kvm/util.h b/include/kvm/util.h
>> index 4ca7aa9392b6..e90f1c2db39f 100644
>> --- a/include/kvm/util.h
>> +++ b/include/kvm/util.h
>> @@ -104,6 +104,8 @@ static inline unsigned long roundup_pow_of_two(unsigned long x)
>>  	return x ? 1UL << fls_long(x - 1) : 0;
>>  }
>>  
>> +#define is_power_of_two(x)	((x) ? ((x) & ((x) - 1)) == 0 : 0)
> This gives weird results for negative values (which the kernel avoids by having this a static inline and using an unsigned type).
> Not sure we care, but maybe (x > 0) ? ... would fix this?

Good point, I will fix it by changing the implicit comparison against 0 at the
beginning with (x) > 0.

>
>> +
>>  struct kvm;
>>  void *mmap_hugetlbfs(struct kvm *kvm, const char *htlbfs_path, u64 size);
>>  void *mmap_anon_or_hugetlbfs(struct kvm *kvm, const char *hugetlbfs_path, u64 size);
>> diff --git a/include/kvm/vesa.h b/include/kvm/vesa.h
>> index 0fac11ab5a9f..e7d971343642 100644
>> --- a/include/kvm/vesa.h
>> +++ b/include/kvm/vesa.h
>> @@ -5,8 +5,12 @@
>>  #define VESA_HEIGHT	480
>>  
>>  #define VESA_MEM_ADDR	0xd0000000
>> -#define VESA_MEM_SIZE	(4*VESA_WIDTH*VESA_HEIGHT)
>>  #define VESA_BPP	32
>> +/*
>> + * We actually only need VESA_BPP/8*VESA_WIDTH*VESA_HEIGHT bytes. But the memory
>> + * size must be a power of 2, so we round up.
>> + */
>> +#define VESA_MEM_SIZE	(1 << 21)
> I don't think it's worth calculating the value and rounding it up, but can we have a BUILD_BUG checking that VESA_MEM_SIZE is big enough to hold the framebuffer?

I'm not sure what you mean. The current value of VESA_MEM_SIZE is not a power of
two, which breaks the spec. That's the reason for changing it. Are you suggesting
that we keep VESA_MEM_SIZE = 1 << 21, we remove the power_of_two check and add a
BUILD_BUG on VESA_MEM_SIZE < 4 * VESA_WIDTH * VESA_HEIGHT?

Thanks,
Alex
>
> Cheers,
> Andre
>
>>  
>>  struct kvm;
>>  struct biosregs;
>> diff --git a/vfio/pci.c b/vfio/pci.c
>> index 76e24c156906..914732cc6897 100644
>> --- a/vfio/pci.c
>> +++ b/vfio/pci.c
>> @@ -831,6 +831,11 @@ static int vfio_pci_configure_bar(struct kvm *kvm, struct vfio_device *vdev,
>>  	/* Ignore invalid or unimplemented regions */
>>  	if (!region->info.size)
>>  		return 0;
>> +	if (!is_power_of_two(region->info.size)) {
>> +		vfio_dev_err(vdev, "region is not power of two: 0x%llx",
>> +			     region->info.size);
>> +		return -EINVAL;
>> +	}
>>  
>>  	if (pdev->irq_modes & VFIO_PCI_IRQ_MODE_MSIX) {
>>  		/* Trap and emulate MSI-X table */
>> diff --git a/virtio/pci.c b/virtio/pci.c
>> index 99653cad2c0f..04e801827df9 100644
>> --- a/virtio/pci.c
>> +++ b/virtio/pci.c
>> @@ -435,6 +435,9 @@ int virtio_pci__init(struct kvm *kvm, void *dev, struct virtio_device *vdev,
>>  	vpci->kvm = kvm;
>>  	vpci->dev = dev;
>>  
>> +	BUILD_BUG_ON(!is_power_of_two(IOPORT_SIZE));
>> +	BUILD_BUG_ON(!is_power_of_two(PCI_IO_SIZE));
>> +
>>  	r = ioport__register(kvm, IOPORT_EMPTY, &virtio_pci__io_ops, IOPORT_SIZE, vdev);
>>  	if (r < 0)
>>  		return r;
Andre Przywara Jan. 15, 2020, 2:07 p.m. UTC | #3 
On Wed, 15 Jan 2020 12:43:20 +0000
Alexandru Elisei <alexandru.elisei@arm.com> wrote:

> Hi,
> 
> On 11/27/19 6:25 PM, Andre Przywara wrote:
> > On Mon, 25 Nov 2019 10:30:21 +0000
> > Alexandru Elisei <alexandru.elisei@arm.com> wrote:
> >
> > Hi,
> >  
> >> According to the PCI local bus specification [1], a device's memory size
> >> must be a power of two. This is also implicit in the mechanism that a CPU
> >> uses to get the memory size requirement for a PCI device.
> >>
> >> The vesa device requests a memory size that isn't a power of two.
> >> According to the same spec [1], a device is allowed to consume more memory
> >> than it actually requires. As a result, the amount of memory that the vesa
> >> device now reserves has been increased.
> >>
> >> To prevent slip-ups in the future, a few BUILD_BUG_ON statements were added
> >> in places where the memory size is known at compile time.
> >>
> >> [1] PCI Local Bus Specification Revision 3.0, section 6.2.5.1
> >>
> >> Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
> >> ---
> >>  hw/vesa.c          | 2 ++
> >>  include/kvm/util.h | 2 ++
> >>  include/kvm/vesa.h | 6 +++++-
> >>  vfio/pci.c         | 5 +++++
> >>  virtio/pci.c       | 3 +++
> >>  5 files changed, 17 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/hw/vesa.c b/hw/vesa.c
> >> index f3c5114cf4fe..75670a51be5f 100644
> >> --- a/hw/vesa.c
> >> +++ b/hw/vesa.c
> >> @@ -58,6 +58,8 @@ struct framebuffer *vesa__init(struct kvm *kvm)
> >>  	char *mem;
> >>  	int r;
> >>  
> >> +	BUILD_BUG_ON(!is_power_of_two(VESA_MEM_SIZE));
> >> +
> >>  	if (!kvm->cfg.vnc && !kvm->cfg.sdl && !kvm->cfg.gtk)
> >>  		return NULL;
> >>  
> >> diff --git a/include/kvm/util.h b/include/kvm/util.h
> >> index 4ca7aa9392b6..e90f1c2db39f 100644
> >> --- a/include/kvm/util.h
> >> +++ b/include/kvm/util.h
> >> @@ -104,6 +104,8 @@ static inline unsigned long roundup_pow_of_two(unsigned long x)
> >>  	return x ? 1UL << fls_long(x - 1) : 0;
> >>  }
> >>  
> >> +#define is_power_of_two(x)	((x) ? ((x) & ((x) - 1)) == 0 : 0)  
> > This gives weird results for negative values (which the kernel avoids by having this a static inline and using an unsigned type).
> > Not sure we care, but maybe (x > 0) ? ... would fix this?  
> 
> Good point, I will fix it by changing the implicit comparison against 0 at the
> beginning with (x) > 0.
> 
> >  
> >> +
> >>  struct kvm;
> >>  void *mmap_hugetlbfs(struct kvm *kvm, const char *htlbfs_path, u64 size);
> >>  void *mmap_anon_or_hugetlbfs(struct kvm *kvm, const char *hugetlbfs_path, u64 size);
> >> diff --git a/include/kvm/vesa.h b/include/kvm/vesa.h
> >> index 0fac11ab5a9f..e7d971343642 100644
> >> --- a/include/kvm/vesa.h
> >> +++ b/include/kvm/vesa.h
> >> @@ -5,8 +5,12 @@
> >>  #define VESA_HEIGHT	480
> >>  
> >>  #define VESA_MEM_ADDR	0xd0000000
> >> -#define VESA_MEM_SIZE	(4*VESA_WIDTH*VESA_HEIGHT)
> >>  #define VESA_BPP	32
> >> +/*
> >> + * We actually only need VESA_BPP/8*VESA_WIDTH*VESA_HEIGHT bytes. But the memory
> >> + * size must be a power of 2, so we round up.
> >> + */
> >> +#define VESA_MEM_SIZE	(1 << 21)  
> > I don't think it's worth calculating the value and rounding it up, but can we have a BUILD_BUG checking that VESA_MEM_SIZE is big enough to hold the framebuffer?  
> 
> I'm not sure what you mean. The current value of VESA_MEM_SIZE is not a power of
> two, which breaks the spec. That's the reason for changing it. Are you suggesting
> that we keep VESA_MEM_SIZE = 1 << 21, we remove the power_of_two check and add a
> BUILD_BUG on VESA_MEM_SIZE < 4 * VESA_WIDTH * VESA_HEIGHT?

Only the latter, so keep the power_of_two check, but add the BUILD_BUG with the comparison. So that it breaks if someone increases the width or height.

Cheers,
Andre.

> >>  struct kvm;
> >>  struct biosregs;
> >> diff --git a/vfio/pci.c b/vfio/pci.c
> >> index 76e24c156906..914732cc6897 100644
> >> --- a/vfio/pci.c
> >> +++ b/vfio/pci.c
> >> @@ -831,6 +831,11 @@ static int vfio_pci_configure_bar(struct kvm *kvm, struct vfio_device *vdev,
> >>  	/* Ignore invalid or unimplemented regions */
> >>  	if (!region->info.size)
> >>  		return 0;
> >> +	if (!is_power_of_two(region->info.size)) {
> >> +		vfio_dev_err(vdev, "region is not power of two: 0x%llx",
> >> +			     region->info.size);
> >> +		return -EINVAL;
> >> +	}
> >>  
> >>  	if (pdev->irq_modes & VFIO_PCI_IRQ_MODE_MSIX) {
> >>  		/* Trap and emulate MSI-X table */
> >> diff --git a/virtio/pci.c b/virtio/pci.c
> >> index 99653cad2c0f..04e801827df9 100644
> >> --- a/virtio/pci.c
> >> +++ b/virtio/pci.c
> >> @@ -435,6 +435,9 @@ int virtio_pci__init(struct kvm *kvm, void *dev, struct virtio_device *vdev,
> >>  	vpci->kvm = kvm;
> >>  	vpci->dev = dev;
> >>  
> >> +	BUILD_BUG_ON(!is_power_of_two(IOPORT_SIZE));
> >> +	BUILD_BUG_ON(!is_power_of_two(PCI_IO_SIZE));
> >> +
> >>  	r = ioport__register(kvm, IOPORT_EMPTY, &virtio_pci__io_ops, IOPORT_SIZE, vdev);
> >>  	if (r < 0)
> >>  		return r;
Alexandru Elisei Jan. 15, 2020, 3 p.m. UTC | #4 
Hi,

On 1/15/20 2:07 PM, Andre Przywara wrote:
> On Wed, 15 Jan 2020 12:43:20 +0000
> Alexandru Elisei <alexandru.elisei@arm.com> wrote:
>
>> Hi,
>>
>> On 11/27/19 6:25 PM, Andre Przywara wrote:
>>> On Mon, 25 Nov 2019 10:30:21 +0000
>>> Alexandru Elisei <alexandru.elisei@arm.com> wrote:
>>>
>>> Hi,
>>>  
>>>> According to the PCI local bus specification [1], a device's memory size
>>>> must be a power of two. This is also implicit in the mechanism that a CPU
>>>> uses to get the memory size requirement for a PCI device.
>>>>
>>>> The vesa device requests a memory size that isn't a power of two.
>>>> According to the same spec [1], a device is allowed to consume more memory
>>>> than it actually requires. As a result, the amount of memory that the vesa
>>>> device now reserves has been increased.
>>>>
>>>> To prevent slip-ups in the future, a few BUILD_BUG_ON statements were added
>>>> in places where the memory size is known at compile time.
>>>>
>>>> [1] PCI Local Bus Specification Revision 3.0, section 6.2.5.1
>>>>
>>>> Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
>>>> ---
>>>>  hw/vesa.c          | 2 ++
>>>>  include/kvm/util.h | 2 ++
>>>>  include/kvm/vesa.h | 6 +++++-
>>>>  vfio/pci.c         | 5 +++++
>>>>  virtio/pci.c       | 3 +++
>>>>  5 files changed, 17 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/hw/vesa.c b/hw/vesa.c
>>>> index f3c5114cf4fe..75670a51be5f 100644
>>>> --- a/hw/vesa.c
>>>> +++ b/hw/vesa.c
>>>> @@ -58,6 +58,8 @@ struct framebuffer *vesa__init(struct kvm *kvm)
>>>>  	char *mem;
>>>>  	int r;
>>>>  
>>>> +	BUILD_BUG_ON(!is_power_of_two(VESA_MEM_SIZE));
>>>> +
>>>>  	if (!kvm->cfg.vnc && !kvm->cfg.sdl && !kvm->cfg.gtk)
>>>>  		return NULL;
>>>>  
>>>> diff --git a/include/kvm/util.h b/include/kvm/util.h
>>>> index 4ca7aa9392b6..e90f1c2db39f 100644
>>>> --- a/include/kvm/util.h
>>>> +++ b/include/kvm/util.h
>>>> @@ -104,6 +104,8 @@ static inline unsigned long roundup_pow_of_two(unsigned long x)
>>>>  	return x ? 1UL << fls_long(x - 1) : 0;
>>>>  }
>>>>  
>>>> +#define is_power_of_two(x)	((x) ? ((x) & ((x) - 1)) == 0 : 0)  
>>> This gives weird results for negative values (which the kernel avoids by having this a static inline and using an unsigned type).
>>> Not sure we care, but maybe (x > 0) ? ... would fix this?  
>> Good point, I will fix it by changing the implicit comparison against 0 at the
>> beginning with (x) > 0.
>>
>>>  
>>>> +
>>>>  struct kvm;
>>>>  void *mmap_hugetlbfs(struct kvm *kvm, const char *htlbfs_path, u64 size);
>>>>  void *mmap_anon_or_hugetlbfs(struct kvm *kvm, const char *hugetlbfs_path, u64 size);
>>>> diff --git a/include/kvm/vesa.h b/include/kvm/vesa.h
>>>> index 0fac11ab5a9f..e7d971343642 100644
>>>> --- a/include/kvm/vesa.h
>>>> +++ b/include/kvm/vesa.h
>>>> @@ -5,8 +5,12 @@
>>>>  #define VESA_HEIGHT	480
>>>>  
>>>>  #define VESA_MEM_ADDR	0xd0000000
>>>> -#define VESA_MEM_SIZE	(4*VESA_WIDTH*VESA_HEIGHT)
>>>>  #define VESA_BPP	32
>>>> +/*
>>>> + * We actually only need VESA_BPP/8*VESA_WIDTH*VESA_HEIGHT bytes. But the memory
>>>> + * size must be a power of 2, so we round up.
>>>> + */
>>>> +#define VESA_MEM_SIZE	(1 << 21)  
>>> I don't think it's worth calculating the value and rounding it up, but can we have a BUILD_BUG checking that VESA_MEM_SIZE is big enough to hold the framebuffer?  
>> I'm not sure what you mean. The current value of VESA_MEM_SIZE is not a power of
>> two, which breaks the spec. That's the reason for changing it. Are you suggesting
>> that we keep VESA_MEM_SIZE = 1 << 21, we remove the power_of_two check and add a
>> BUILD_BUG on VESA_MEM_SIZE < 4 * VESA_WIDTH * VESA_HEIGHT?
> Only the latter, so keep the power_of_two check, but add the BUILD_BUG with the comparison. So that it breaks if someone increases the width or height.

Makes sense, I'll do that.

Thanks,
Alex
>
> Cheers,
> Andre.
>
>>>>  struct kvm;
>>>>  struct biosregs;
>>>> diff --git a/vfio/pci.c b/vfio/pci.c
>>>> index 76e24c156906..914732cc6897 100644
>>>> --- a/vfio/pci.c
>>>> +++ b/vfio/pci.c
>>>> @@ -831,6 +831,11 @@ static int vfio_pci_configure_bar(struct kvm *kvm, struct vfio_device *vdev,
>>>>  	/* Ignore invalid or unimplemented regions */
>>>>  	if (!region->info.size)
>>>>  		return 0;
>>>> +	if (!is_power_of_two(region->info.size)) {
>>>> +		vfio_dev_err(vdev, "region is not power of two: 0x%llx",
>>>> +			     region->info.size);
>>>> +		return -EINVAL;
>>>> +	}
>>>>  
>>>>  	if (pdev->irq_modes & VFIO_PCI_IRQ_MODE_MSIX) {
>>>>  		/* Trap and emulate MSI-X table */
>>>> diff --git a/virtio/pci.c b/virtio/pci.c
>>>> index 99653cad2c0f..04e801827df9 100644
>>>> --- a/virtio/pci.c
>>>> +++ b/virtio/pci.c
>>>> @@ -435,6 +435,9 @@ int virtio_pci__init(struct kvm *kvm, void *dev, struct virtio_device *vdev,
>>>>  	vpci->kvm = kvm;
>>>>  	vpci->dev = dev;
>>>>  
>>>> +	BUILD_BUG_ON(!is_power_of_two(IOPORT_SIZE));
>>>> +	BUILD_BUG_ON(!is_power_of_two(PCI_IO_SIZE));
>>>> +
>>>>  	r = ioport__register(kvm, IOPORT_EMPTY, &virtio_pci__io_ops, IOPORT_SIZE, vdev);
>>>>  	if (r < 0)
>>>>  		return r;
diff mbox series

Patch

diff --git a/hw/vesa.c b/hw/vesa.c
index f3c5114cf4fe..75670a51be5f 100644
--- a/hw/vesa.c
+++ b/hw/vesa.c
@@ -58,6 +58,8 @@  struct framebuffer *vesa__init(struct kvm *kvm)
 	char *mem;
 	int r;
 
+	BUILD_BUG_ON(!is_power_of_two(VESA_MEM_SIZE));
+
 	if (!kvm->cfg.vnc && !kvm->cfg.sdl && !kvm->cfg.gtk)
 		return NULL;
 
diff --git a/include/kvm/util.h b/include/kvm/util.h
index 4ca7aa9392b6..e90f1c2db39f 100644
--- a/include/kvm/util.h
+++ b/include/kvm/util.h
@@ -104,6 +104,8 @@  static inline unsigned long roundup_pow_of_two(unsigned long x)
 	return x ? 1UL << fls_long(x - 1) : 0;
 }
 
+#define is_power_of_two(x)	((x) ? ((x) & ((x) - 1)) == 0 : 0)
+
 struct kvm;
 void *mmap_hugetlbfs(struct kvm *kvm, const char *htlbfs_path, u64 size);
 void *mmap_anon_or_hugetlbfs(struct kvm *kvm, const char *hugetlbfs_path, u64 size);
diff --git a/include/kvm/vesa.h b/include/kvm/vesa.h
index 0fac11ab5a9f..e7d971343642 100644
--- a/include/kvm/vesa.h
+++ b/include/kvm/vesa.h
@@ -5,8 +5,12 @@ 
 #define VESA_HEIGHT	480
 
 #define VESA_MEM_ADDR	0xd0000000
-#define VESA_MEM_SIZE	(4*VESA_WIDTH*VESA_HEIGHT)
 #define VESA_BPP	32
+/*
+ * We actually only need VESA_BPP/8*VESA_WIDTH*VESA_HEIGHT bytes. But the memory
+ * size must be a power of 2, so we round up.
+ */
+#define VESA_MEM_SIZE	(1 << 21)
 
 struct kvm;
 struct biosregs;
diff --git a/vfio/pci.c b/vfio/pci.c
index 76e24c156906..914732cc6897 100644
--- a/vfio/pci.c
+++ b/vfio/pci.c
@@ -831,6 +831,11 @@  static int vfio_pci_configure_bar(struct kvm *kvm, struct vfio_device *vdev,
 	/* Ignore invalid or unimplemented regions */
 	if (!region->info.size)
 		return 0;
+	if (!is_power_of_two(region->info.size)) {
+		vfio_dev_err(vdev, "region is not power of two: 0x%llx",
+			     region->info.size);
+		return -EINVAL;
+	}
 
 	if (pdev->irq_modes & VFIO_PCI_IRQ_MODE_MSIX) {
 		/* Trap and emulate MSI-X table */
diff --git a/virtio/pci.c b/virtio/pci.c
index 99653cad2c0f..04e801827df9 100644
--- a/virtio/pci.c
+++ b/virtio/pci.c
@@ -435,6 +435,9 @@  int virtio_pci__init(struct kvm *kvm, void *dev, struct virtio_device *vdev,
 	vpci->kvm = kvm;
 	vpci->dev = dev;
 
+	BUILD_BUG_ON(!is_power_of_two(IOPORT_SIZE));
+	BUILD_BUG_ON(!is_power_of_two(PCI_IO_SIZE));
+
 	r = ioport__register(kvm, IOPORT_EMPTY, &virtio_pci__io_ops, IOPORT_SIZE, vdev);
 	if (r < 0)
 		return r;