Commit 8704e893 authored by Zhenyu Wang, committed by Alex Williamson

vfio/pci: Fix OpRegion read



This is to fix incorrect pointer arithmetic which caused the wrong
OpRegion version to be returned, after which the VM driver got an error
getting the wanted VBT block. We need to be safe to return correct data,
so force the pointer type for byte access.

Fixes: 49ba1a29 ("vfio/pci: Add OpRegion 2.0+ Extended VBT support.")
Cc: Colin Xu <colin.xu@gmail.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Dmitry Torokhov <dtor@chromium.org>
Cc: "Xu, Terrence" <terrence.xu@intel.com>
Cc: "Gao, Fred" <fred.gao@intel.com>
Acked-by: Colin Xu <colin.xu@gmail.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Link: https://lore.kernel.org/r/20211125051328.3359902-1-zhenyuw@linux.intel.com


[aw: line wrap]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
parent 3b9a2d57
+3 −2
@@ -98,7 +98,8 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
			version = cpu_to_le16(0x0201);

		if (igd_opregion_shift_copy(buf, &off,
					    &version + (pos - OPREGION_VERSION),
					    (u8 *)&version +
					    (pos - OPREGION_VERSION),
					    &pos, &remaining, bytes))
			return -EFAULT;
	}
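Review bot: In the version copy, the source pointer (u8 *)&version + (pos - OPREGION_VERSION) is now byte-scaled, but nothing visible in this hunk bounds pos - OPREGION_VERSION to the size of version, which is assigned a 16-bit value via cpu_to_le16(). Please confirm that the enclosing condition, which is outside the hunk, limits pos to the version field, so the offset can only be 0 or 1 and the read stays inside the local variable. A one-line comment saying the offset is in bytes would also help: without the cast the same offset was scaled by the size of version, so any nonzero pos - OPREGION_VERSION pointed past it, and that is easy to reintroduce.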
@@ -121,7 +122,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev,
					  OPREGION_SIZE : 0);

		if (igd_opregion_shift_copy(buf, &off,
					    &rvda + (pos - OPREGION_RVDA),
					    (u8 *)&rvda + (pos - OPREGION_RVDA),
					    &pos, &remaining, bytes))
			return -EFAULT;
	}
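Review bot: The rvda copy needs the same (u8 *) cast as the version copy above, so the byte-offset pattern now appears twice in vfio_pci_igd_rw() and depends on each call site remembering the cast. Consider a small helper or macro that takes the field and its base offset (OPREGION_VERSION, OPREGION_RVDA) and produces the byte pointer, so the cast lives in one place. It is also worth checking the remaining igd_opregion_shift_copy() callers in this function for the same address-of-field plus offset form, and confirming that the guard around this block keeps pos - OPREGION_RVDA below the size of rvda.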