author: Alexandru Elisei <alexandru.elisei@arm.com> 2020-04-14 15:39:40 +0100
committer: Will Deacon <will@kernel.org> 2020-04-15 16:27:17 +0100
commit: 5b7fef16262a09d37be4760fca1bfbb4edd48984 (patch)
tree: 25cb9728e28f1bcbf8d80483ab5eb0a0e4015b78
parent: 84998f21b3c758233e7d8b3d1681d69f9d65ce14 (diff)
download: kvmtool-5b7fef16262a09d37be4760fca1bfbb4edd48984.tar.gz
vfio/pci: Ignore expansion ROM BAR writes
To get the size of the expansion ROM, software writes 0xfffff800 to the expansion ROM BAR in the PCI configuration space. PCI emulation executes the optional configuration space write callback that a device can implement before emulating this write.

kvmtool's implementation of VFIO doesn't have support for emulating expansion ROMs. However, the callback writes the guest value to the hardware BAR, and then it reads it back to the emulated BAR to make sure the write has completed successfully. After this, we return to regular PCI emulation and because the BAR is no longer 0, we write back to the BAR the value that the guest used to get the size. As a result, the guest will think that the ROM size is 0x800 after the subsequent read and we end up unintentionally exposing to the guest a BAR which we don't emulate.

Let's fix this by ignoring writes to the expansion ROM BAR.

Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
-rw-r--r--  vfio/pci.c | 3
1 file changed, 3 insertions(+), 0 deletions(-)
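The commit message describes the PCI BAR sizing handshake and how the passthrough path turned a non-emulated ROM BAR into a 2 KiB one. The following is an added model of that handshake, written for this page and not taken from kvmtool: it keeps an emulated ROM BAR next to a stand-in for the hardware register and runs the guest's probe against both the buggy and the fixed behaviour. All names (`struct cfg_model`, `cfg_write32`, `rom_bar_probe_size`, `rom_size_seen_by_guest`) and the assumption that the hardware register reads back non-zero are this example's own; `0x30` is the standard offset of `PCI_ROM_ADDRESS` in a type 0 PCI header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the expansion ROM BAR sizing handshake from the
 * commit message. Names here are this example's own, not kvmtool's. */

#define ROM_BAR_OFFSET      0x30        /* PCI_ROM_ADDRESS in a type 0 header */
#define ROM_BAR_ENABLE      0x1u        /* bit 0: ROM decode enable */
#define ROM_BAR_ADDR_MASK   0xfffff800u /* bits 31:11 hold the ROM base address */
#define ROM_SIZE_PROBE      0xfffff800u /* value software writes to size the BAR */

/* Emulated view of one device's config space: only the ROM BAR is modelled. */
struct cfg_model {
    uint32_t emulated_rom_bar;  /* what the guest reads back */
    uint32_t hw_rom_bar;        /* stand-in for the physical register */
    int ignore_rom_bar_writes;  /* 0: buggy path, 1: fixed path */
};

/* Config-space write handler. The buggy path mirrors the sequence in the
 * commit message: push the guest value to hardware, read it back into the
 * emulated BAR, and then let generic emulation store the guest value because
 * the BAR is no longer 0. The fixed path ignores the write entirely. */
void cfg_write32(struct cfg_model *m, uint8_t offset, uint32_t val)
{
    if (offset != ROM_BAR_OFFSET)
        return; /* only the ROM BAR is modelled here */

    if (m->ignore_rom_bar_writes)
        return; /* fixed behaviour: no ROM is emulated, so the BAR stays 0 */

    /* Buggy behaviour: the callback writes hardware and reads it back.
     * Assumption: the physical register latches the address bits, so the
     * readback is non-zero. */
    m->hw_rom_bar = val & (ROM_BAR_ADDR_MASK | ROM_BAR_ENABLE);
    m->emulated_rom_bar = m->hw_rom_bar;
    /* Generic PCI emulation then writes back the guest's sizing value. */
    if (m->emulated_rom_bar != 0)
        m->emulated_rom_bar = val;
}

uint32_t cfg_read32(const struct cfg_model *m, uint8_t offset)
{
    return offset == ROM_BAR_OFFSET ? m->emulated_rom_bar : 0;
}

/* Size the ROM BAR the way guest firmware or an OS does: write the probe
 * value, read back, keep the address bits, and take the two's complement.
 * A readback of 0 means "no ROM here". */
uint32_t rom_bar_probe_size(struct cfg_model *m)
{
    cfg_write32(m, ROM_BAR_OFFSET, ROM_SIZE_PROBE);
    uint32_t readback = cfg_read32(m, ROM_BAR_OFFSET) & ROM_BAR_ADDR_MASK;
    if (readback == 0)
        return 0;
    return ~readback + 1u;
}

/* Probe a fresh device with the chosen write behaviour. */
uint32_t rom_size_seen_by_guest(int ignore_writes)
{
    struct cfg_model m;
    memset(&m, 0, sizeof(m));
    m.ignore_rom_bar_writes = ignore_writes;
    return rom_bar_probe_size(&m);
}

int main(void)
{
    printf("buggy path: guest sees ROM size 0x%x\n", rom_size_seen_by_guest(0));
    printf("fixed path: guest sees ROM size 0x%x\n", rom_size_seen_by_guest(1));
    return 0;
}
```

With the buggy path the guest reads back 0xfffff800, masks it to the address bits and computes ~0xfffff800 + 1 = 0x800, the 2 KiB ROM the commit message warns about; with the write ignored the BAR reads back 0 and the guest concludes there is no expansion ROM, which is what a VFIO device without ROM emulation should present.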
diff --git a/vfio/pci.c b/vfio/pci.c
index 1bdc2003..1f38f90c 100644
--- a/vfio/pci.c
+++ b/vfio/pci.c
@@ -472,6 +472,9 @@ static void vfio_pci_cfg_write(struct kvm *kvm, struct pci_device_header *pci_hd
struct vfio_device *vdev;
void *base = pci_hdr;
+ if (offset == PCI_ROM_ADDRESS)
+ return;
+
pdev = container_of(pci_hdr, struct vfio_pci_device, hdr);
vdev = container_of(pdev, struct vfio_device, pci);
info = &vdev->regions[VFIO_PCI_CONFIG_REGION_INDEX].info;
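Review bot: the early return added at the top of vfio_pci_cfg_write matches only a write whose offset is exactly PCI_ROM_ADDRESS, so a narrower (byte or word) write that starts inside the 32-bit ROM BAR register, at PCI_ROM_ADDRESS + 1 to + 3, would still fall through to the passthrough path and could reproduce the same readback-then-write-back sequence for part of the register; if the write size is available in this function, a range check such as `if (offset >= PCI_ROM_ADDRESS && offset < PCI_ROM_ADDRESS + 4)` would cover the whole register. A one-line comment above the check saying that kvmtool does not emulate expansion ROMs and the BAR must therefore stay 0 would also help readers who do not have the commit message at hand.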