Commit 8704e893 authored by Zhenyu Wang's avatar Zhenyu Wang Committed by Alex Williamson

vfio/pci: Fix OpRegion read

This is to fix incorrect pointer arithmetic which caused wrong
OpRegion version returned, then VM driver got error to get wanted
VBT block. We need to be safe to return correct data, so force
pointer type for byte access.

Fixes: 49ba1a29 ("vfio/pci: Add OpRegion 2.0+ Extended VBT support.")
Cc: Colin Xu <colin.xu@gmail.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Dmitry Torokhov <dtor@chromium.org>
Cc: "Xu, Terrence" <terrence.xu@intel.com>
Cc: "Gao, Fred" <fred.gao@intel.com>
Acked-by: default avatarColin Xu <colin.xu@gmail.com>
Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
Link: https://lore.kernel.org/r/20211125051328.3359902-1-zhenyuw@linux.intel.com
[aw: line wrap]
Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent 3b9a2d57
...@@ -98,7 +98,8 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev, ...@@ -98,7 +98,8 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
version = cpu_to_le16(0x0201); version = cpu_to_le16(0x0201);
if (igd_opregion_shift_copy(buf, &off, if (igd_opregion_shift_copy(buf, &off,
&version + (pos - OPREGION_VERSION), (u8 *)&version +
(pos - OPREGION_VERSION),
&pos, &remaining, bytes)) &pos, &remaining, bytes))
return -EFAULT; return -EFAULT;
} }
...@@ -121,7 +122,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev, ...@@ -121,7 +122,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
OPREGION_SIZE : 0); OPREGION_SIZE : 0);
if (igd_opregion_shift_copy(buf, &off, if (igd_opregion_shift_copy(buf, &off,
&rvda + (pos - OPREGION_RVDA), (u8 *)&rvda + (pos - OPREGION_RVDA),
&pos, &remaining, bytes)) &pos, &remaining, bytes))
return -EFAULT; return -EFAULT;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment