Re: [PATCH v2 2/7] hw/pci: Skip EFI option ROM in pci_patch_ids()

[Alex Williamson <alex@shazbot.org>]

On Mon,  8 Jun 2026 21:45:53 +0800
Tomita Moeko <tomitamoeko@gmail.com> wrote:

> pci_patch_ids() patches the checksum at the reserved 0x06 byte, but
> for EFI option ROMs the 32 bits at 0x04 are the EFI signature and
> must be 0x00000EF1. Since OVMF does not check vendor/device IDs in
> the PCIR header or the checksum, skip patching for EFI ROMs.
> 
> Reported-by: K S Maan <kirandeepmaan45@gmail.com>
> Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
> ---
>  hw/pci/pci.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index 742917f79d..eb10e586d5 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -2521,6 +2521,11 @@ static void pci_patch_ids(PCIDevice *pdev, uint8_t *ptr, uint32_t size)
>          return;
>      }
>  
> +    /* OVMF won't check IDs in PCIR header, skip EFI roms */
> +    if (pci_get_byte(ptr + pcir_offset + 0x14) == 0x03) {
> +        return;
> +    }
> +

Just above this we have the sanity testing:

    if (pcir_offset + 8 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) {
        trace_pci_bad_pcir_offset(pcir_offset);
        return;
    }

+8 covers the vendor and device IDs, but now we're reaching deeper and
should extend the validation to match.  s/8/0x14/  Thanks,

Alex

>      vendor_id = pci_get_word(pdev->config + PCI_VENDOR_ID);
>      device_id = pci_get_word(pdev->config + PCI_DEVICE_ID);
>      rom_vendor_id = pci_get_word(ptr + pcir_offset + 4);