From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Akihiko Odaki <akihiko.odaki@daynix.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Sriram Yagnaraman <sriram.yagnaraman@ericsson.com>,
Jason Wang <jasowang@redhat.com>, Keith Busch <kbusch@kernel.org>,
Klaus Jensen <its@irrelevant.dk>,
Jesper Devantier <foss@defmacro.it>,
qemu-block@nongnu.org
Subject: [PULL v3 80/85] pcie_sriov: Ensure VF function number does not overflow
Date: Wed, 3 Jul 2024 18:50:21 -0400 [thread overview]
Message-ID: <77718701157f6ca77ea7a57b536fa0a22f676082.1720046570.git.mst@redhat.com> (raw)
In-Reply-To: <cover.1720046570.git.mst@redhat.com>
From: Akihiko Odaki <akihiko.odaki@daynix.com>
pci_new() aborts when creating a VF with a function number equals to or
is greater than PCI_DEVFN_MAX.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240627-reuse-v10-5-7ca0b8ed3d9f@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
docs/pcie_sriov.txt | 8 +++++---
include/hw/pci/pcie_sriov.h | 5 +++--
hw/net/igb.c | 13 ++++++++++---
hw/nvme/ctrl.c | 24 ++++++++++++++++--------
hw/pci/pcie_sriov.c | 19 +++++++++++++++++--
5 files changed, 51 insertions(+), 18 deletions(-)
diff --git a/docs/pcie_sriov.txt b/docs/pcie_sriov.txt
index a47aad0bfa..ab2142807f 100644
--- a/docs/pcie_sriov.txt
+++ b/docs/pcie_sriov.txt
@@ -52,9 +52,11 @@ setting up a BAR for a VF.
...
/* Add and initialize the SR/IOV capability */
- pcie_sriov_pf_init(d, 0x200, "your_virtual_dev",
- vf_devid, initial_vfs, total_vfs,
- fun_offset, stride);
+ if (!pcie_sriov_pf_init(d, 0x200, "your_virtual_dev",
+ vf_devid, initial_vfs, total_vfs,
+ fun_offset, stride, errp)) {
+ return;
+ }
/* Set up individual VF BARs (parameters as for normal BARs) */
pcie_sriov_pf_init_vf_bar( ... )
diff --git a/include/hw/pci/pcie_sriov.h b/include/hw/pci/pcie_sriov.h
index 450cbef6c2..aa704e8f9d 100644
--- a/include/hw/pci/pcie_sriov.h
+++ b/include/hw/pci/pcie_sriov.h
@@ -27,10 +27,11 @@ typedef struct PCIESriovVF {
uint16_t vf_number; /* Logical VF number of this function */
} PCIESriovVF;
-void pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset,
+bool pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset,
const char *vfname, uint16_t vf_dev_id,
uint16_t init_vfs, uint16_t total_vfs,
- uint16_t vf_offset, uint16_t vf_stride);
+ uint16_t vf_offset, uint16_t vf_stride,
+ Error **errp);
void pcie_sriov_pf_exit(PCIDevice *dev);
/* Set up a VF bar in the SR/IOV bar area */
diff --git a/hw/net/igb.c b/hw/net/igb.c
index b92bba402e..b6ca2f1b8a 100644
--- a/hw/net/igb.c
+++ b/hw/net/igb.c
@@ -446,9 +446,16 @@ static void igb_pci_realize(PCIDevice *pci_dev, Error **errp)
pcie_ari_init(pci_dev, 0x150);
- pcie_sriov_pf_init(pci_dev, IGB_CAP_SRIOV_OFFSET, TYPE_IGBVF,
- IGB_82576_VF_DEV_ID, IGB_MAX_VF_FUNCTIONS, IGB_MAX_VF_FUNCTIONS,
- IGB_VF_OFFSET, IGB_VF_STRIDE);
+ if (!pcie_sriov_pf_init(pci_dev, IGB_CAP_SRIOV_OFFSET,
+ TYPE_IGBVF, IGB_82576_VF_DEV_ID,
+ IGB_MAX_VF_FUNCTIONS, IGB_MAX_VF_FUNCTIONS,
+ IGB_VF_OFFSET, IGB_VF_STRIDE,
+ errp)) {
+ pcie_cap_exit(pci_dev);
+ igb_cleanup_msix(s);
+ msi_uninit(pci_dev);
+ return;
+ }
pcie_sriov_pf_init_vf_bar(pci_dev, IGBVF_MMIO_BAR_IDX,
PCI_BASE_ADDRESS_MEM_TYPE_64 | PCI_BASE_ADDRESS_MEM_PREFETCH,
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index 127c3d2383..066389e391 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -8048,7 +8048,8 @@ out:
return pow2ceil(bar_size);
}
-static void nvme_init_sriov(NvmeCtrl *n, PCIDevice *pci_dev, uint16_t offset)
+static bool nvme_init_sriov(NvmeCtrl *n, PCIDevice *pci_dev, uint16_t offset,
+ Error **errp)
{
uint16_t vf_dev_id = n->params.use_intel_id ?
PCI_DEVICE_ID_INTEL_NVME : PCI_DEVICE_ID_REDHAT_NVME;
@@ -8057,12 +8058,17 @@ static void nvme_init_sriov(NvmeCtrl *n, PCIDevice *pci_dev, uint16_t offset)
le16_to_cpu(cap->vifrsm),
NULL, NULL);
- pcie_sriov_pf_init(pci_dev, offset, "nvme", vf_dev_id,
- n->params.sriov_max_vfs, n->params.sriov_max_vfs,
- NVME_VF_OFFSET, NVME_VF_STRIDE);
+ if (!pcie_sriov_pf_init(pci_dev, offset, "nvme", vf_dev_id,
+ n->params.sriov_max_vfs, n->params.sriov_max_vfs,
+ NVME_VF_OFFSET, NVME_VF_STRIDE,
+ errp)) {
+ return false;
+ }
pcie_sriov_pf_init_vf_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY |
PCI_BASE_ADDRESS_MEM_TYPE_64, bar_size);
+
+ return true;
}
static int nvme_add_pm_capability(PCIDevice *pci_dev, uint8_t offset)
@@ -8155,6 +8161,12 @@ static bool nvme_init_pci(NvmeCtrl *n, PCIDevice *pci_dev, Error **errp)
return false;
}
+ if (!pci_is_vf(pci_dev) && n->params.sriov_max_vfs &&
+ !nvme_init_sriov(n, pci_dev, 0x120, errp)) {
+ msix_uninit(pci_dev, &n->bar0, &n->bar0);
+ return false;
+ }
+
nvme_update_msixcap_ts(pci_dev, n->conf_msix_qsize);
if (n->params.cmb_size_mb) {
@@ -8165,10 +8177,6 @@ static bool nvme_init_pci(NvmeCtrl *n, PCIDevice *pci_dev, Error **errp)
nvme_init_pmr(n, pci_dev);
}
- if (!pci_is_vf(pci_dev) && n->params.sriov_max_vfs) {
- nvme_init_sriov(n, pci_dev, 0x120);
- }
-
return true;
}
diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c
index 499becd527..f0bde0d3fc 100644
--- a/hw/pci/pcie_sriov.c
+++ b/hw/pci/pcie_sriov.c
@@ -24,14 +24,27 @@ static PCIDevice *register_vf(PCIDevice *pf, int devfn,
const char *name, uint16_t vf_num);
static void unregister_vfs(PCIDevice *dev);
-void pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset,
+bool pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset,
const char *vfname, uint16_t vf_dev_id,
uint16_t init_vfs, uint16_t total_vfs,
- uint16_t vf_offset, uint16_t vf_stride)
+ uint16_t vf_offset, uint16_t vf_stride,
+ Error **errp)
{
uint8_t *cfg = dev->config + offset;
uint8_t *wmask;
+ if (total_vfs) {
+ uint16_t ari_cap = pcie_find_capability(dev, PCI_EXT_CAP_ID_ARI);
+ uint16_t first_vf_devfn = dev->devfn + vf_offset;
+ uint16_t last_vf_devfn = first_vf_devfn + vf_stride * (total_vfs - 1);
+
+ if ((!ari_cap && PCI_SLOT(dev->devfn) != PCI_SLOT(last_vf_devfn)) ||
+ last_vf_devfn >= PCI_DEVFN_MAX) {
+ error_setg(errp, "VF function number overflows");
+ return false;
+ }
+ }
+
pcie_add_capability(dev, PCI_EXT_CAP_ID_SRIOV, 1,
offset, PCI_EXT_CAP_SRIOV_SIZEOF);
dev->exp.sriov_cap = offset;
@@ -69,6 +82,8 @@ void pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset,
pci_set_word(wmask + PCI_SRIOV_SYS_PGSIZE, 0x553);
qdev_prop_set_bit(&dev->qdev, "multifunction", true);
+
+ return true;
}
void pcie_sriov_pf_exit(PCIDevice *dev)
--
MST
next prev parent reply other threads:[~2024-07-03 22:51 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-03 22:44 [PULL v3 00/85] virtio: features,fixes Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 01/85] vhost: dirty log should be per backend type Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 02/85] vhost: Perform memory section dirty scans once per iteration Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 03/85] vhost-vdpa: check vhost_vdpa_set_vring_ready() return value Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 04/85] virtio/virtio-pci: Handle extra notification data Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 05/85] virtio: Prevent creation of device using notification-data with ioeventfd Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 06/85] virtio-mmio: Handle extra notification data Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 07/85] virtio-ccw: " Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 08/85] vhost/vhost-user: Add VIRTIO_F_NOTIFICATION_DATA to vhost feature bits Michael S. Tsirkin
2024-07-03 22:44 ` [PULL v3 09/85] Fix vhost user assertion when sending more than one fd Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 10/85] vhost-vsock: add VIRTIO_F_RING_PACKED to feature_bits Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 11/85] hw/virtio: Fix obtain the buffer id from the last descriptor Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 12/85] virtio-pci: only reset pm state during resetting Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 13/85] vhost-user-gpu: fix import of DMABUF Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 14/85] Revert "vhost-user: fix lost reconnect" Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 15/85] vhost-user: fix lost reconnect again Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 16/85] hw/cxl/mailbox: change CCI cmd set structure to be a member, not a reference Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 17/85] hw/cxl/mailbox: interface to add CCI commands to an existing CCI Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 18/85] hw/cxl/cxl-mailbox-utils: Add dc_event_log_size field to output payload of identify memory device command Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 19/85] hw/cxl/cxl-mailbox-utils: Add dynamic capacity region representative and mailbox command support Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 20/85] include/hw/cxl/cxl_device: Rename mem_size as static_mem_size for type3 memory devices Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 21/85] hw/mem/cxl_type3: Add support to create DC regions to " Michael S. Tsirkin
2024-07-03 22:45 ` [PULL v3 22/85] hw/mem/cxl-type3: Refactor ct3_build_cdat_entries_for_mr to take mr size instead of mr as argument Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 23/85] hw/mem/cxl_type3: Add host backend and address space handling for DC regions Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 24/85] hw/mem/cxl_type3: Add DC extent list representative and get DC extent list mailbox support Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 25/85] hw/cxl/cxl-mailbox-utils: Add mailbox commands to support add/release dynamic capacity response Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 26/85] hw/cxl/events: Add qmp interfaces to add/release dynamic capacity extents Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 27/85] hw/mem/cxl_type3: Add DPA range validation for accesses to DC regions Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 28/85] hw/cxl/cxl-mailbox-utils: Add superset extent release mailbox support Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 29/85] hw/mem/cxl_type3: Allow to release extent superset in QMP interface Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 30/85] linux-headers: update to 6.10-rc1 Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 31/85] hw/misc/pvpanic: centralize definition of supported events Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 32/85] tests/qtest/pvpanic: use centralized " Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 33/85] hw/misc/pvpanic: add support for normal shutdowns Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 34/85] pvpanic: Emit GUEST_PVSHUTDOWN QMP event on pvpanic shutdown signal Michael S. Tsirkin
2024-07-03 22:46 ` [PULL v3 35/85] tests/qtest/pvpanic: add tests for pvshutdown event Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 36/85] Revert "docs/specs/pvpanic: mark shutdown event as not implemented" Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 37/85] virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one() Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 38/85] hw/cxl: Fix read from bogus memory Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 39/85] virtio-pci: implement No_Soft_Reset bit Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 40/85] vhost-user-test: no set non-blocking for cal fd less than 0 Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 41/85] i386/apic: Add hint on boot failure because of disabling x2APIC Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 42/85] hw/virtio: Free vqs after vhost_dev_cleanup() Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 43/85] virtio-iommu: add error check before assert Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 44/85] vhost-user: Skip unnecessary duplicated VHOST_USER_SET_LOG_BASE requests Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 45/85] hw/net/virtio-net.c: fix crash in iov_copy() Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 46/85] qapi: clarify that the default is backend dependent Michael S. Tsirkin
2024-07-03 22:47 ` [PULL v3 47/85] libvhost-user: set msg.msg_control to NULL when it is empty Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 48/85] libvhost-user: fail vu_message_write() if sendmsg() is failing Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 49/85] libvhost-user: mask F_INFLIGHT_SHMFD if memfd is not supported Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 50/85] vhost-user-server: do not set memory fd non-blocking Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 51/85] contrib/vhost-user-blk: fix bind() using the right size of the address Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 52/85] contrib/vhost-user-*: use QEMU bswap helper functions Michael S. Tsirkin
2024-07-12 14:24 ` Peter Maydell
2024-07-12 15:18 ` Stefano Garzarella
2024-07-12 15:23 ` Peter Maydell
2024-07-03 22:48 ` [PULL v3 53/85] hostmem: add a new memory backend based on POSIX shm_open() Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 54/85] tests/qtest/vhost-user-blk-test: use memory-backend-shm Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 55/85] tests/qtest/vhost-user-test: add a test case for memory-backend-shm Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 56/85] hw/virtio: Fix the de-initialization of vhost-user devices Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 57/85] hw/arm/virt-acpi-build: Drop local iort_node_offset Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 58/85] hw/i386/fw_cfg: Add etc/e820 to fw_cfg late Michael S. Tsirkin
2024-07-04 8:09 ` David Woodhouse
2024-07-04 9:54 ` Alex Bennée
2024-07-03 22:48 ` [PULL v3 59/85] hw/arm/virt-acpi-build: Fix id_count in build_iort_id_mapping Michael S. Tsirkin
2024-07-03 22:48 ` [PULL v3 60/85] uefi-test-tools/UefiTestToolsPkg: Add RISC-V support Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 61/85] uefi-test-tools: Add support for python based build script Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 62/85] tests/data/uefi-boot-images: Add RISC-V ISO image Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 63/85] qtest: bios-tables-test: Rename aarch64 tests with aarch64 in them Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 64/85] tests/qtest/bios-tables-test.c: Add support for arch in path Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 65/85] tests/qtest/bios-tables-test.c: Set "arch" for aarch64 tests Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 66/85] tests/qtest/bios-tables-test.c: Set "arch" for x86 tests Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 67/85] tests/data/acpi: Move x86 ACPI tables under x86/${machine} path Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 68/85] tests/data/acpi/virt: Move ARM64 ACPI tables under aarch64/${machine} path Michael S. Tsirkin
2024-07-03 22:56 ` Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 70/85] pc-bios/meson.build: Add support for RISC-V in unpack_edk2_blobs Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 71/85] tests/data/acpi/rebuild-expected-aml.sh: Add RISC-V Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 72/85] hw/cxl/events: Improve QMP interfaces and documentation for add/release dynamic capacity Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 73/85] hw/cxl/events: Mark cxl-add-dynamic-capacity and cxl-release-dynamic-capcity unstable Michael S. Tsirkin
2024-07-03 22:49 ` [PULL v3 74/85] virtio: remove virtio_tswap16s() call in vring_packed_event_read() Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 75/85] virtio-iommu: Clear IOMMUDevice when VFIO device is unplugged Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 76/85] hw/pci: Rename has_power to enabled Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 77/85] hw/ppc/spapr_pci: Do not create DT for disabled PCI device Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 78/85] hw/ppc/spapr_pci: Do not reject VFs created after a PF Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 79/85] pcie_sriov: Do not manually unrealize Michael S. Tsirkin
2024-07-03 22:50 ` Michael S. Tsirkin [this message]
2024-07-03 22:50 ` [PULL v3 81/85] pcie_sriov: Reuse SR-IOV VF device instances Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 82/85] pcie_sriov: Release VFs failed to realize Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 83/85] pcie_sriov: Remove num_vfs from PCIESriovPF Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 84/85] pcie_sriov: Register VFs after migration Michael S. Tsirkin
2024-07-03 22:50 ` [PULL v3 85/85] hw/pci: Replace -1 with UINT32_MAX for romsize Michael S. Tsirkin
2024-07-03 22:56 ` [PULL v3 69/85] meson.build: Add RISC-V to the edk2-target list Michael S. Tsirkin
2024-07-04 16:13 ` [PULL v3 00/85] virtio: features,fixes Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=77718701157f6ca77ea7a57b536fa0a22f676082.1720046570.git.mst@redhat.com \
--to=mst@redhat.com \
--cc=akihiko.odaki@daynix.com \
--cc=foss@defmacro.it \
--cc=its@irrelevant.dk \
--cc=jasowang@redhat.com \
--cc=kbusch@kernel.org \
--cc=marcel.apfelbaum@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=sriram.yagnaraman@ericsson.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).