Commit 0d6e5e8d authored by Zhu Lingshan's avatar Zhu Lingshan Committed by Michael S. Tsirkin

vDPA/ifcvf: get_config_size should return a value no greater than dev implementation

Drivers must not access a BAR outside the capability length,
and for a virtio device, ifcvf driver should not report any non-standard
capability contents to the upper layers.

Function ifcvf_get_config_size() is introduced here to return a safe value
of the device config capability size.
Signed-off-by: default avatarZhu Lingshan <lingshan.zhu@intel.com>
Message-Id: <20220722115309.82746-2-lingshan.zhu@intel.com>
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent f49c2226
...@@ -127,6 +127,7 @@ int ifcvf_init_hw(struct ifcvf_hw *hw, struct pci_dev *pdev) ...@@ -127,6 +127,7 @@ int ifcvf_init_hw(struct ifcvf_hw *hw, struct pci_dev *pdev)
break; break;
case VIRTIO_PCI_CAP_DEVICE_CFG: case VIRTIO_PCI_CAP_DEVICE_CFG:
hw->dev_cfg = get_cap_addr(hw, &cap); hw->dev_cfg = get_cap_addr(hw, &cap);
hw->cap_dev_config_size = le32_to_cpu(cap.length);
IFCVF_DBG(pdev, "hw->dev_cfg = %p\n", hw->dev_cfg); IFCVF_DBG(pdev, "hw->dev_cfg = %p\n", hw->dev_cfg);
break; break;
} }
...@@ -232,15 +233,23 @@ int ifcvf_verify_min_features(struct ifcvf_hw *hw, u64 features) ...@@ -232,15 +233,23 @@ int ifcvf_verify_min_features(struct ifcvf_hw *hw, u64 features)
u32 ifcvf_get_config_size(struct ifcvf_hw *hw) u32 ifcvf_get_config_size(struct ifcvf_hw *hw)
{ {
struct ifcvf_adapter *adapter; struct ifcvf_adapter *adapter;
u32 net_config_size = sizeof(struct virtio_net_config);
u32 blk_config_size = sizeof(struct virtio_blk_config);
u32 cap_size = hw->cap_dev_config_size;
u32 config_size; u32 config_size;
adapter = vf_to_adapter(hw); adapter = vf_to_adapter(hw);
/* If the onboard device config space size is greater than
* the size of struct virtio_net/blk_config, only the spec
* implementing contents size is returned, this is very
* unlikely, defensive programming.
*/
switch (hw->dev_type) { switch (hw->dev_type) {
case VIRTIO_ID_NET: case VIRTIO_ID_NET:
config_size = sizeof(struct virtio_net_config); config_size = min(cap_size, net_config_size);
break; break;
case VIRTIO_ID_BLOCK: case VIRTIO_ID_BLOCK:
config_size = sizeof(struct virtio_blk_config); config_size = min(cap_size, blk_config_size);
break; break;
default: default:
config_size = 0; config_size = 0;
......
...@@ -87,6 +87,8 @@ struct ifcvf_hw { ...@@ -87,6 +87,8 @@ struct ifcvf_hw {
int config_irq; int config_irq;
int vqs_reused_irq; int vqs_reused_irq;
u16 nr_vring; u16 nr_vring;
/* VIRTIO_PCI_CAP_DEVICE_CFG size */
u32 cap_dev_config_size;
}; };
struct ifcvf_adapter { struct ifcvf_adapter {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment