diff options
| author | Akihiko Odaki <akihiko.odaki@daynix.com> | 2024-06-27 15:07:54 +0900 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2024-07-03 18:14:07 -0400 |
| commit | 77718701157f6ca77ea7a57b536fa0a22f676082 (patch) | |
| tree | 3dce0b19d3e760eb9adb5d07a8afcddc2c0a23fe /hw/pci/pcie_sriov.c | |
| parent | c613ad25125bf3016aa8f81ce170f5ac91d2379f (diff) | |
| download | focaccia-qemu-77718701157f6ca77ea7a57b536fa0a22f676082.tar.gz focaccia-qemu-77718701157f6ca77ea7a57b536fa0a22f676082.zip | |
pcie_sriov: Ensure VF function number does not overflow
pci_new() aborts when creating a VF with a function number equals to or is greater than PCI_DEVFN_MAX. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Message-Id: <20240627-reuse-v10-5-7ca0b8ed3d9f@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/pci/pcie_sriov.c')
| -rw-r--r-- | hw/pci/pcie_sriov.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 499becd527..f0bde0d3fc 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c @@ -24,14 +24,27 @@ static PCIDevice *register_vf(PCIDevice *pf, int devfn, const char *name, uint16_t vf_num); static void unregister_vfs(PCIDevice *dev); -void pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset, +bool pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset, const char *vfname, uint16_t vf_dev_id, uint16_t init_vfs, uint16_t total_vfs, - uint16_t vf_offset, uint16_t vf_stride) + uint16_t vf_offset, uint16_t vf_stride, + Error **errp) { uint8_t *cfg = dev->config + offset; uint8_t *wmask; + if (total_vfs) { + uint16_t ari_cap = pcie_find_capability(dev, PCI_EXT_CAP_ID_ARI); + uint16_t first_vf_devfn = dev->devfn + vf_offset; + uint16_t last_vf_devfn = first_vf_devfn + vf_stride * (total_vfs - 1); + + if ((!ari_cap && PCI_SLOT(dev->devfn) != PCI_SLOT(last_vf_devfn)) || + last_vf_devfn >= PCI_DEVFN_MAX) { + error_setg(errp, "VF function number overflows"); + return false; + } + } + pcie_add_capability(dev, PCI_EXT_CAP_ID_SRIOV, 1, offset, PCI_EXT_CAP_SRIOV_SIZEOF); dev->exp.sriov_cap = offset; @@ -69,6 +82,8 @@ void pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset, pci_set_word(wmask + PCI_SRIOV_SYS_PGSIZE, 0x553); qdev_prop_set_bit(&dev->qdev, "multifunction", true); + + return true; } void pcie_sriov_pf_exit(PCIDevice *dev) |