From: Zhu Lingshan <lingshan.zhu@intel.com>
To: jasowang@redhat.com, mst@redhat.com
Cc: virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org, parav@nvidia.com,
	xieyongji@bytedance.com, gautam.dawar@amd.com,
	Zhu Lingshan <lingshan.zhu@intel.com>
Subject: [PATCH V4 1/6] vDPA/ifcvf: get_config_size should return a value no greater than dev implementation
Date: Fri, 22 Jul 2022 19:53:04 +0800
Message-ID: <20220722115309.82746-2-lingshan.zhu@intel.com>
In-Reply-To: <20220722115309.82746-1-lingshan.zhu@intel.com>

Drivers must not access a BAR outside the capability length,
and for a virtio device, ifcvf driver should not report any non-standard
capability contents to the upper layers.

Function ifcvf_get_config_size() is introduced here to return a safe value
of the device config capability size.

Signed-off-by: Zhu Lingshan <lingshan.zhu@intel.com>
---
 drivers/vdpa/ifcvf/ifcvf_base.c | 13 +++++++++++--
 drivers/vdpa/ifcvf/ifcvf_base.h |  2 ++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/vdpa/ifcvf/ifcvf_base.c b/drivers/vdpa/ifcvf/ifcvf_base.c
index 48c4dadb0c7c..85611be5ccb4 100644
--- a/drivers/vdpa/ifcvf/ifcvf_base.c
+++ b/drivers/vdpa/ifcvf/ifcvf_base.c
@@ -128,6 +128,7 @@ int ifcvf_init_hw(struct ifcvf_hw *hw, struct pci_dev *pdev)
 			break;
 		case VIRTIO_PCI_CAP_DEVICE_CFG:
 			hw->dev_cfg = get_cap_addr(hw, &cap);
+			hw->cap_dev_config_size = le32_to_cpu(cap.length);
 			IFCVF_DBG(pdev, "hw->dev_cfg = %p\n", hw->dev_cfg);
 			break;
 		}
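
Review bot: In the VIRTIO_PCI_CAP_DEVICE_CFG case, cap.length comes from the device and is stored unchecked, whether or not get_cap_addr() returned a usable address. Consider assigning hw->cap_dev_config_size only when hw->dev_cfg is non-NULL, and printing the length in the IFCVF_DBG line next to hw->dev_cfg so that a zero or unexpected value shows up in the log.
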
@@ -233,15 +234,23 @@ int ifcvf_verify_min_features(struct ifcvf_hw *hw, u64 features)
 u32 ifcvf_get_config_size(struct ifcvf_hw *hw)
 {
 	struct ifcvf_adapter *adapter;
+	u32 net_config_size = sizeof(struct virtio_net_config);
+	u32 blk_config_size = sizeof(struct virtio_blk_config);
+	u32 cap_size = hw->cap_dev_config_size;
 	u32 config_size;
 
 	adapter = vf_to_adapter(hw);
+	/* If the onboard device config space size is greater than
+	 * the size of struct virtio_net/blk_config, only the spec
+	 * implementing contents size is returned, this is very
+	 * unlikely, defensive programming.
+	 */
 	switch (hw->dev_type) {
 	case VIRTIO_ID_NET:
-		config_size = sizeof(struct virtio_net_config);
+		config_size = min(cap_size, net_config_size);
 		break;
 	case VIRTIO_ID_BLOCK:
-		config_size = sizeof(struct virtio_blk_config);
+		config_size = min(cap_size, blk_config_size);
 		break;
 	default:
 		config_size = 0;
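
Review bot: The comment above the switch in ifcvf_get_config_size() documents only the case where the capability is larger than struct virtio_net_config or virtio_blk_config, but min() also handles the opposite case, a capability shorter than the struct, which is the one the commit message is about (no access beyond the capability length). Please reword the comment to state both cases, and mention that a cap_size of 0 gives config_size 0 for NET and BLOCK, the same value the default branch assigns. The three u32 locals exist only to feed min(); min_t(u32, hw->cap_dev_config_size, sizeof(struct virtio_net_config)) would do the same without them.
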
diff --git a/drivers/vdpa/ifcvf/ifcvf_base.h b/drivers/vdpa/ifcvf/ifcvf_base.h
index 115b61f4924b..f5563f665cc6 100644
--- a/drivers/vdpa/ifcvf/ifcvf_base.h
+++ b/drivers/vdpa/ifcvf/ifcvf_base.h
@@ -87,6 +87,8 @@ struct ifcvf_hw {
 	int config_irq;
 	int vqs_reused_irq;
 	u16 nr_vring;
+	/* VIRTIO_PCI_CAP_DEVICE_CFG size */
+	u32 cap_dev_config_size;
 };
 
 struct ifcvf_adapter {
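
Review bot: The comment on cap_dev_config_size names the capability but not the unit or where the value comes from. Suggest stating that it is the length in bytes of the VIRTIO_PCI_CAP_DEVICE_CFG capability as reported by the device, already converted to CPU byte order, so readers know it is device-supplied and is meant as an upper bound on config space accesses.
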
-- 
2.31.1

