
vfio/pci: Fix OpRegion read

Message ID 20211119081435.3237699-1-zhenyuw@linux.intel.com (mailing list archive)
State New, archived
Series vfio/pci: Fix OpRegion read

Commit Message

Zhenyu Wang Nov. 19, 2021, 8:14 a.m. UTC
This fixes incorrect pointer arithmetic which caused the wrong
OpRegion version to be returned, so the VM driver got an error when
fetching the wanted VBT block. We need to be safe and return correct
data, so force the pointer type for byte access.

Fixes: 49ba1a2976c8 ("vfio/pci: Add OpRegion 2.0+ Extended VBT support.")
Cc: Colin Xu <colin.xu@gmail.com>
Cc: Dmitry Torokhov <dtor@chromium.org>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
---
 drivers/vfio/pci/vfio_pci_igd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Colin Xu Nov. 21, 2021, 2:01 p.m. UTC | #1
Thanks for the fix.
The implicit pointer cast will incorrectly advance the pointer. Casting to
byte is the correct step.

Best Regards,
Colin

On Fri, Nov 19, 2021 at 4:14 PM Zhenyu Wang <zhenyuw@linux.intel.com> wrote:
>
> This fixes incorrect pointer arithmetic which caused the wrong
> OpRegion version to be returned, so the VM driver got an error when
> fetching the wanted VBT block. We need to be safe and return correct
> data, so force the pointer type for byte access.
>
> Fixes: 49ba1a2976c8 ("vfio/pci: Add OpRegion 2.0+ Extended VBT support.")
> Cc: Colin Xu <colin.xu@gmail.com>
> Cc: Dmitry Torokhov <dtor@chromium.org>
> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
> ---
>  drivers/vfio/pci/vfio_pci_igd.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/vfio/pci/vfio_pci_igd.c b/drivers/vfio/pci/vfio_pci_igd.c
> index 56cd551e0e04..dad6eeed5e80 100644
> --- a/drivers/vfio/pci/vfio_pci_igd.c
> +++ b/drivers/vfio/pci/vfio_pci_igd.c
> @@ -98,7 +98,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
>                         version = cpu_to_le16(0x0201);
>
>                 if (igd_opregion_shift_copy(buf, &off,
> -                                           &version + (pos - OPREGION_VERSION),
> +                                           (u8 *)&version + (pos - OPREGION_VERSION),
>                                             &pos, &remaining, bytes))
>                         return -EFAULT;
>         }
> @@ -121,7 +121,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
>                                           OPREGION_SIZE : 0);
>
>                 if (igd_opregion_shift_copy(buf, &off,
> -                                           &rvda + (pos - OPREGION_RVDA),
> +                                           (u8 *)&rvda + (pos - OPREGION_RVDA),
>                                             &pos, &remaining, bytes))
>                         return -EFAULT;
>         }
> --
> 2.33.1
>
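To make the pointer-scaling point in the comment above concrete, here is an added C example; it is not code from the patch or from the vfio driver. It models the driver's emulated 2-byte version field with a local `uint16_t`, computes the source pointer both the pre-fix way (`&version + n`, which steps in units of `sizeof(version)`) and the post-fix way (`(u8 *)&version + n`, which steps in bytes), and reports how far each pointer actually moved. The `OPREGION_VERSION` value, the `load_version` helper and all function names are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the driver's emulated OpRegion header: the
 * 2-byte little-endian version field starts at OPREGION_VERSION. The
 * offset value is an assumption for this demo, not taken from the driver. */
#define OPREGION_VERSION 0x16u

/* Reads are served from a local 2-byte variable, as in the driver, holding
 * the little-endian encoding of 0x0201 (what cpu_to_le16(0x0201) yields). */
static uint16_t load_version(void)
{
    static const uint8_t le_bytes[2] = { 0x01, 0x02 }; /* constructed */
    uint16_t v;
    memcpy(&v, le_bytes, sizeof(v));
    return v;
}

/* Post-fix arithmetic: cast to a byte pointer first, so the offset advances
 * one byte per unit. Returns the byte the guest sees for a 1-byte read at
 * OpRegion offset `pos`, or -1 if `pos` is not inside the field. */
int version_byte_fixed(size_t pos)
{
    uint16_t version = load_version();
    if (pos < OPREGION_VERSION || pos - OPREGION_VERSION >= sizeof(version))
        return -1;
    const uint8_t *src = (const uint8_t *)&version + (pos - OPREGION_VERSION);
    return *src;
}

/* Pre-fix arithmetic: `&version + n` steps in units of sizeof(version).
 * Instead of dereferencing (which for n == 1 would read past the variable),
 * return how many bytes the source pointer moved so the scaling is visible.
 * Only offsets 0 and 1 are formed: one-past-the-end is the furthest pointer
 * C allows us to compute. Returns (size_t)-1 for anything else. */
size_t buggy_source_distance(size_t pos)
{
    uint16_t version = load_version();
    size_t byte_off = pos - OPREGION_VERSION;
    if (pos < OPREGION_VERSION || byte_off > 1)
        return (size_t)-1;
    const uint16_t *src = &version + byte_off;
    return (size_t)((const char *)src - (const char *)&version);
}

/* Whether the pre-fix source pointer still lies inside the 2-byte field. */
int buggy_source_in_bounds(size_t pos)
{
    size_t d = buggy_source_distance(pos);
    return d != (size_t)-1 && d < sizeof(uint16_t);
}

int main(void)
{
    for (size_t pos = OPREGION_VERSION; pos < OPREGION_VERSION + 2; pos++) {
        printf("pos 0x%zx: fixed byte 0x%02x, pre-fix source moved %zu bytes (%s)\n",
               pos, version_byte_fixed(pos), buggy_source_distance(pos),
               buggy_source_in_bounds(pos) ? "in field" : "past the field");
    }
    return 0;
}
```

For the second byte of the field the pre-fix pointer has moved two bytes, i.e. off the end of the local, which is why a guest reading the version a byte at a time saw the wrong value; the byte-pointer form lands on the intended byte for both offsets.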
Colin Xu Nov. 24, 2021, 12:56 a.m. UTC | #2
Thanks, the fix is appreciated.

Acked-by: Colin Xu <colin.xu@gmail.com>

On Fri, Nov 19, 2021 at 4:14 PM Zhenyu Wang <zhenyuw@linux.intel.com> wrote:
>
> This fixes incorrect pointer arithmetic which caused the wrong
> OpRegion version to be returned, so the VM driver got an error when
> fetching the wanted VBT block. We need to be safe and return correct
> data, so force the pointer type for byte access.
>
> Fixes: 49ba1a2976c8 ("vfio/pci: Add OpRegion 2.0+ Extended VBT support.")
> Cc: Colin Xu <colin.xu@gmail.com>
> Cc: Dmitry Torokhov <dtor@chromium.org>
> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
> ---
>  drivers/vfio/pci/vfio_pci_igd.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/vfio/pci/vfio_pci_igd.c b/drivers/vfio/pci/vfio_pci_igd.c
> index 56cd551e0e04..dad6eeed5e80 100644
> --- a/drivers/vfio/pci/vfio_pci_igd.c
> +++ b/drivers/vfio/pci/vfio_pci_igd.c
> @@ -98,7 +98,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
>                         version = cpu_to_le16(0x0201);
>
>                 if (igd_opregion_shift_copy(buf, &off,
> -                                           &version + (pos - OPREGION_VERSION),
> +                                           (u8 *)&version + (pos - OPREGION_VERSION),
>                                             &pos, &remaining, bytes))
>                         return -EFAULT;
>         }
> @@ -121,7 +121,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
>                                           OPREGION_SIZE : 0);
>
>                 if (igd_opregion_shift_copy(buf, &off,
> -                                           &rvda + (pos - OPREGION_RVDA),
> +                                           (u8 *)&rvda + (pos - OPREGION_RVDA),
>                                             &pos, &remaining, bytes))
>                         return -EFAULT;
>         }
> --
> 2.33.1
>

Patch

diff --git a/drivers/vfio/pci/vfio_pci_igd.c b/drivers/vfio/pci/vfio_pci_igd.c
index 56cd551e0e04..dad6eeed5e80 100644
--- a/drivers/vfio/pci/vfio_pci_igd.c
+++ b/drivers/vfio/pci/vfio_pci_igd.c
@@ -98,7 +98,7 @@  static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
 			version = cpu_to_le16(0x0201);
 
 		if (igd_opregion_shift_copy(buf, &off,
-					    &version + (pos - OPREGION_VERSION),
+					    (u8 *)&version + (pos - OPREGION_VERSION),
 					    &pos, &remaining, bytes))
 			return -EFAULT;
 	}
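Review bot: The cast is the right fix. `version` is assigned `cpu_to_le16(0x0201)` in the visible context, so it is a 16-bit value, and `&version + (pos - OPREGION_VERSION)` scaled the byte offset by its size: a read starting at the second byte of the field took its source from one past the end of the local instead of from byte 1, which is the wrong-version symptom the commit message describes. `(u8 *)&version + ...` indexes bytes as intended. Consider a one-line comment on the cast (e.g. `/* byte offset into the emulated field */`) so the cast is not later mistaken for a redundant one, and consider giving `igd_opregion_shift_copy` a `const u8 *` source parameter, or passing the field base and a byte offset separately, so that a scaled pointer becomes a compile-time type error rather than a silent over-read.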
@@ -121,7 +121,7 @@  static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
 					  OPREGION_SIZE : 0);
 
 		if (igd_opregion_shift_copy(buf, &off,
-					    &rvda + (pos - OPREGION_RVDA),
+					    (u8 *)&rvda + (pos - OPREGION_RVDA),
 					    &pos, &remaining, bytes))
 			return -EFAULT;
 	}
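Review bot: Same defect and same fix as the version copy: `&rvda + (pos - OPREGION_RVDA)` steps in units of `sizeof(rvda)`, so any sub-field read of the multi-byte RVDA value sourced bytes from beyond the local, and `(u8 *)&rvda + ...` restores byte addressing (the cast would be a no-op only if `rvda` were a single byte, which the emulated RVDA field is not). The `Fixes:` tag is appropriate since both sites came in with the Extended VBT support. Worth confirming in the same pass that the `remaining`/`bytes` clamping inside `igd_opregion_shift_copy`, which is not in this hunk, bounds the copy to the field size, so that a read beginning mid-field can no longer run past the local in either direction.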