Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp435257pxj; Fri, 7 May 2021 11:55:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyZEMOOVoGdWMyM6WVNx5XY40UzIPZ7wpM6aVuC0qSaNknABkrI2rAv7tgzdmzWyvtts6oC X-Received: by 2002:a17:906:4d50:: with SMTP id b16mr11640793ejv.53.1620413726375; Fri, 07 May 2021 11:55:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620413726; cv=none; d=google.com; s=arc-20160816; b=lP42rpgmN9R3/unJVmgNASL/U5C+aUBX5p4CNk/cWlX6d5F7V9uTLPfXXQzEQE+CyJ z4K4Bo8DXppz28hlDeuM6yr0F5J0UYgsSjZYwHqth4HE07ICvD40s5iFs00VEV5jR6hh aeqEN6nEjqDhqy/c7MobOKgMhHjjzPYRUNlFxn4cx/v59GnkQcUAc/Oh4+LAGhXO5C1Y c6dDXz2JGcaoCLX3V88/zpycZQzCcn3muleWVqi0CvZbTBHAqo59qGlmL+Xqsv7Y/ogu mk59bqFKDxOUJrtwbNChkjidvURgkONfeIYp0hnsqG9tHLFaR7RF6QGXOteM190rADOH WSLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:message-id:date:cc:to:from:subject:dkim-signature; bh=to4F3RSSacx66bqGoR4rednsO9qjieECmlHxCX3pgUA=; b=yqCTaHSRPXky9ZR/WN8+YxBC2DYSWyFhcrLERM59gW3y/6EdBC4e5OczapHyqJmN84 3vxeFYPd0TrL93knzlpBBRnQzr4jg+G9TO+WBABCQS1n31lozDp1t+hiQOXa3FyCuyTB JoD0mpByLIl6qzg890eMgwR0DgR8TluQwwntAhJZCUygbs6X5bHLZduj0xv9Prq+iE9K K1OI677eqrtFDSdYcrgwu5M20s10QT2G/8GEoLIzlQSyiP4+MJ0W/y6vRa+T6Z625m5S OHpEkLdL0eIoLlfZde3TUVpMPI2QmGlqxGu+n64C2ngFj2/EiyZOMG9mI/bXNTnVj2rB 2DOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Tx1412wW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qc25si5953411ejb.326.2021.05.07.11.55.01; Fri, 07 May 2021 11:55:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Tx1412wW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229611AbhEGSyV (ORCPT + 99 others); Fri, 7 May 2021 14:54:21 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:34149 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229512AbhEGSyV (ORCPT ); Fri, 7 May 2021 14:54:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620413600; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=to4F3RSSacx66bqGoR4rednsO9qjieECmlHxCX3pgUA=; b=Tx1412wWo3TLsN86I5AvfRVIERuv1hZfBKuDtKnb77n9hufjvfRFKGu3XeVBNok9ep2nRR 2bhP0KgO3uMo9uuGNLi3Z55etIosO15TC3XFRU7La32JHQXsD/jmD39rI6oVsfWGtYmHi/ PUEq1C+Pn1MEEiJSRMmuvmiTDMUKwVs= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-575-taiXcfulPziogsO5EiL8Vg-1; Fri, 07 May 2021 14:53:18 -0400 X-MC-Unique: taiXcfulPziogsO5EiL8Vg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C3097100A67C; Fri, 7 May 2021 18:53:17 +0000 (UTC) Received: from [172.30.42.188] (ovpn-113-225.phx2.redhat.com [10.3.113.225]) by smtp.corp.redhat.com (Postfix) with ESMTP id 96C805D74A; Fri, 7 May 2021 18:53:17 +0000 (UTC) Subject: [PATCH] vfio/pci: Sanity check IGD OpRegion Size From: Alex Williamson To: alex.williamson@redhat.com Cc: tkffaul@outlook.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Date: Fri, 07 May 2021 12:53:17 -0600 Message-ID: <162041357421.21800.16214130780777455390.stgit@omen> User-Agent: StGit/1.0-8-g6af9-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The size field of the IGD OpRegion table is supposed to indicate table size in KB, but we've seen at least one report of a BIOS that appears to incorrectly report size in bytes. The default size is 8 (*1024 = 8KB), but an incorrect implementation may report 8192 (*1024 = 8MB) and can cause a variety of mapping errors. It's believed that 8MB would be an implausible, if not absurd, actual size, so we can probably be pretty safe in assuming this is a BIOS bug where the intended size is likely 8KB. Reported-by: Travis Faulhaber Tested-by: Travis Faulhaber Signed-off-by: Alex Williamson --- drivers/vfio/pci/vfio_pci_igd.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/vfio/pci/vfio_pci_igd.c b/drivers/vfio/pci/vfio_pci_igd.c index 228df565e9bc..c89a4797cd18 100644 --- a/drivers/vfio/pci/vfio_pci_igd.c +++ b/drivers/vfio/pci/vfio_pci_igd.c @@ -86,7 +86,16 @@ static int vfio_pci_igd_opregion_init(struct vfio_pci_device *vdev) return -EINVAL; } - size *= 1024; /* In KB */ + /* + * The OpRegion size field is specified as size in KB, but there have been + * user reports where this field appears to report size in bytes. If we + * read 8192, assume this is the case. + */ + if (size == OPREGION_SIZE) + pci_warn(vdev->pdev, + "BIOS Bug, IGD OpRegion reports invalid size, assuming default 8KB\n"); + else + size *= 1024; /* In KB */ /* * Support opregion v2.1+