Commit 0d6e5e8d authored by Zhu Lingshan's avatar Zhu Lingshan Committed by Michael S. Tsirkin
Browse files

vDPA/ifcvf: get_config_size should return a value no greater than dev implementation 



Drivers must not access a BAR outside the capability length,
and for a virtio device, ifcvf driver should not report any non-standard
capability contents to the upper layers.

Function ifcvf_get_config_size() is introduced here to return a safe value
of the device config capability size.

Signed-off-by: default avatarZhu Lingshan <lingshan.zhu@intel.com>
Message-Id: <20220722115309.82746-2-lingshan.zhu@intel.com>
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent f49c2226

drivers/vdpa/ifcvf/ifcvf_base.c

+11 −2
Original line number Diff line number Diff line
@@ -127,6 +127,7 @@ int ifcvf_init_hw(struct ifcvf_hw *hw, struct pci_dev *pdev) 
			break;

		case VIRTIO_PCI_CAP_DEVICE_CFG:

			hw->dev_cfg = get_cap_addr(hw, &cap);

			hw->cap_dev_config_size = le32_to_cpu(cap.length);

			IFCVF_DBG(pdev, "hw->dev_cfg = %p\n", hw->dev_cfg);

			break;

		}
@@ -232,15 +233,23 @@ int ifcvf_verify_min_features(struct ifcvf_hw *hw, u64 features) 
u32 ifcvf_get_config_size(struct ifcvf_hw *hw)

{

	struct ifcvf_adapter *adapter;

	u32 net_config_size = sizeof(struct virtio_net_config);

	u32 blk_config_size = sizeof(struct virtio_blk_config);

	u32 cap_size = hw->cap_dev_config_size;

	u32 config_size;



	adapter = vf_to_adapter(hw);

	/* If the onboard device config space size is greater than

	 * the size of struct virtio_net/blk_config, only the spec

	 * implementing contents size is returned, this is very

	 * unlikely, defensive programming.

	 */

	switch (hw->dev_type) {

	case VIRTIO_ID_NET:

		config_size = sizeof(struct virtio_net_config);

		config_size = min(cap_size, net_config_size);

		break;

	case VIRTIO_ID_BLOCK:

		config_size = sizeof(struct virtio_blk_config);

		config_size = min(cap_size, blk_config_size);

		break;

	default:

		config_size = 0;

drivers/vdpa/ifcvf/ifcvf_base.h

+2 −0
Original line number Diff line number Diff line
@@ -87,6 +87,8 @@ struct ifcvf_hw { 
	int config_irq;

	int vqs_reused_irq;

	u16 nr_vring;

	/* VIRTIO_PCI_CAP_DEVICE_CFG size */

	u32 cap_dev_config_size;

};



struct ifcvf_adapter {