From patchwork Tue Apr 14 14:39:40 2020
X-Patchwork-Submitter: Alexandru Elisei
X-Patchwork-Id: 11487953
From: Alexandru Elisei
To: kvm@vger.kernel.org
Cc: will@kernel.org, julien.thierry.kdev@gmail.com, andre.przywara@arm.com, sami.mujawar@arm.com, lorenzo.pieralisi@arm.com
Subject: [PATCH kvmtool 12/18] vfio/pci: Ignore expansion ROM BAR writes
Date: Tue, 14 Apr 2020 15:39:40 +0100
Message-Id: <20200414143946.1521-13-alexandru.elisei@arm.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200414143946.1521-1-alexandru.elisei@arm.com>
References: <20200414143946.1521-1-alexandru.elisei@arm.com>

To get the size of the expansion ROM, software writes 0xfffff800 to the expansion ROM BAR in the PCI configuration space. PCI emulation executes the optional configuration space write callback that a device can implement before emulating this write.

kvmtool's implementation of VFIO doesn't have support for emulating expansion ROMs. However, the callback writes the guest value to the hardware BAR, and then it reads it back to the emulated BAR to make sure the write has completed successfully. After this, we return to regular PCI emulation and, because the BAR is no longer 0, we write back to the BAR the value that the guest used to get the size. As a result, the guest will think that the ROM size is 0x800 after the subsequent read and we end up unintentionally exposing to the guest a BAR which we don't emulate.

Let's fix this by ignoring writes to the expansion ROM BAR.

Reviewed-by: Andre Przywara
Signed-off-by: Alexandru Elisei
---
 vfio/pci.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vfio/pci.c b/vfio/pci.c
index 1bdc20038411..1f38f90c3ae9 100644
--- a/vfio/pci.c
+++ b/vfio/pci.c
@@ -472,6 +472,9 @@ static void vfio_pci_cfg_write(struct kvm *kvm, struct pci_device_header *pci_hd struct vfio_device *vdev; void *base = pci_hdr; + if (offset == PCI_ROM_ADDRESS) + return; + pdev = container_of(pci_hdr, struct vfio_pci_device, hdr); vdev = container_of(pdev, struct vfio_device, pci); info = &vdev->regions[VFIO_PCI_CONFIG_REGION_INDEX].info;
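Review bot: the early return only fires when `offset` is exactly `PCI_ROM_ADDRESS`, so a byte or word access that lands inside the 4-byte ROM BAR register (offset `PCI_ROM_ADDRESS` + 1 to + 3) still reaches the hardware write and read-back path that the commit message says should be skipped; a range test such as `if (offset >= PCI_ROM_ADDRESS && offset < PCI_ROM_ADDRESS + 4)` would cover those (the access size is not visible in this hunk, so a wider write that starts before the register and spans it would additionally need the size argument). A short comment above the bare `return;` saying that kvmtool does not emulate the expansion ROM would also help: as written, the silent drop reads like a lost write rather than a deliberate "not implemented" BAR.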
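The BAR-sizing sequence the commit message describes, as an added example that is not part of the patch or of kvmtool's sources: a small C model of one passthrough device's expansion ROM BAR, run once with the pre-patch behaviour (the VFIO callback mirrors the guest write to hardware and reads it back, then generic emulation stores the guest's sizing value into the now non-zero BAR) and once with ROM BAR writes ignored. The struct, the function names and the 64 KiB physical ROM size are constructed for illustration; the two emulation steps encoded in `emulated_cfg_write` follow the commit message's description, not kvmtool's actual code. The constants match the standard PCI type-0 header layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Standard PCI type-0 header values (same numbers as Linux's pci_regs.h). */
#define PCI_ROM_ADDRESS         0x30
#define PCI_ROM_ADDRESS_MASK    0xfffff800u   /* bits 31:11 hold the ROM base address */
#define PCI_ROM_ADDRESS_ENABLE  0x00000001u

/*
 * Constructed model of one passthrough device's expansion ROM BAR:
 * 'emulated' is what the guest reads from the emulated config space,
 * 'hw' is the register in the physical device, whose ROM is 'hw_size' bytes,
 * 'ignore_rom_writes' selects the behaviour the patch introduces.
 */
struct rom_bar_model {
    uint32_t emulated;
    uint32_t hw;
    uint32_t hw_size;
    bool ignore_rom_writes;
};

/* Physical device: only the address bits above its ROM size are writable. */
static void hw_rom_bar_write(struct rom_bar_model *m, uint32_t val)
{
    m->hw = (val & PCI_ROM_ADDRESS_MASK & ~(m->hw_size - 1)) |
            (val & PCI_ROM_ADDRESS_ENABLE);
}

/*
 * Emulated config-space write, following the two steps the commit message
 * describes (simplified model, not kvmtool's code): the VFIO callback mirrors
 * the write to hardware and reads it back, then generic BAR emulation stores
 * the guest's value into any BAR that is not zero.
 */
static void emulated_cfg_write(struct rom_bar_model *m, unsigned int offset, uint32_t val)
{
    if (offset != PCI_ROM_ADDRESS)
        return;                       /* only the ROM BAR is modelled here */

    /* Device callback: with the patch applied, ROM BAR writes are dropped. */
    if (!m->ignore_rom_writes) {
        hw_rom_bar_write(m, val);
        m->emulated = m->hw;          /* read back to confirm the write */
    }

    /* Generic PCI emulation: a zero BAR means "not implemented" and stays zero;
     * otherwise the guest's value is stored so it can read the size mask back. */
    if (m->emulated != 0)
        m->emulated = val;
}

/* Guest side: the standard BAR sizing handshake. Returns ROM size in bytes, 0 if absent. */
static uint32_t guest_probe_rom_size(struct rom_bar_model *m)
{
    uint32_t saved = m->emulated;
    uint32_t mask;

    emulated_cfg_write(m, PCI_ROM_ADDRESS, PCI_ROM_ADDRESS_MASK);   /* write 0xfffff800 */
    mask = m->emulated & PCI_ROM_ADDRESS_MASK;
    emulated_cfg_write(m, PCI_ROM_ADDRESS, saved);                  /* restore */

    return mask ? (~mask) + 1 : 0;
}

/* Runs the handshake against a device that really does carry a 64 KiB ROM. */
static uint32_t rom_size_seen_by_guest(bool ignore_rom_writes)
{
    struct rom_bar_model m = {
        .emulated = 0,                /* the emulated BAR never advertises a ROM */
        .hw = 0,
        .hw_size = 0x10000,           /* constructed: physical ROM is 64 KiB */
        .ignore_rom_writes = ignore_rom_writes,
    };
    return guest_probe_rom_size(&m);
}

int main(void)
{
    printf("before the patch: guest computes ROM size 0x%x\n",
           rom_size_seen_by_guest(false));
    printf("after the patch:  guest computes ROM size 0x%x\n",
           rom_size_seen_by_guest(true));
    return 0;
}
```

Without the early return, the read-back makes the emulated BAR non-zero, the generic path stores 0xfffff800, and the guest derives a 0x800-byte ROM that maps to nothing; with ROM BAR writes ignored the register stays 0 and the guest correctly concludes the device has no expansion ROM.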