| Message ID | 20201008171558.410886-2-jean-philippe@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | virtio-iommu: VFIO integration | expand |
Hi Jean, On 10/8/20 7:15 PM, Jean-Philippe Brucker wrote: > Due to an invalid mask, virtio_iommu_mr() may return the wrong memory > region. It hasn't been too problematic so far because the function was > only used to test existence of an endpoint, but that is about to change. > > Fixes: cfb42188b24d ("virtio-iommu: Implement attach/detach command") > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Maybe add CC: QEMU Stable <qemu-stable@nongnu.org> Acked-by: Eric Auger <eric.auger@redhat.com> Thanks Eric > --- > hw/virtio/virtio-iommu.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c > index a91fa2f674c..543fbbb24fb 100644 > --- a/hw/virtio/virtio-iommu.c > +++ b/hw/virtio/virtio-iommu.c > @@ -101,7 +101,7 @@ static IOMMUMemoryRegion *virtio_iommu_mr(VirtIOIOMMU *s, uint32_t sid) > bus_n = PCI_BUS_NUM(sid); > iommu_pci_bus = iommu_find_iommu_pcibus(s, bus_n); > if (iommu_pci_bus) { > - devfn = sid & PCI_DEVFN_MAX; > + devfn = sid & (PCI_DEVFN_MAX - 1); > dev = iommu_pci_bus->pbdev[devfn]; > if (dev) { > return &dev->iommu_mr; >
On Thu, Oct 08, 2020 at 07:15:49PM +0200, Jean-Philippe Brucker wrote: > Due to an invalid mask, virtio_iommu_mr() may return the wrong memory > region. It hasn't been too problematic so far because the function was > only used to test existence of an endpoint, but that is about to change. > > Fixes: cfb42188b24d ("virtio-iommu: Implement attach/detach command") > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Peter Xu <peterx@redhat.com> -- Peter Xu
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index a91fa2f674c..543fbbb24fb 100644 --- a/hw/virtio/virtio-iommu.c +++ b/hw/virtio/virtio-iommu.c @@ -101,7 +101,7 @@ static IOMMUMemoryRegion *virtio_iommu_mr(VirtIOIOMMU *s, uint32_t sid) bus_n = PCI_BUS_NUM(sid); iommu_pci_bus = iommu_find_iommu_pcibus(s, bus_n); if (iommu_pci_bus) { - devfn = sid & PCI_DEVFN_MAX; + devfn = sid & (PCI_DEVFN_MAX - 1); dev = iommu_pci_bus->pbdev[devfn]; if (dev) { return &dev->iommu_mr;
Due to an invalid mask, virtio_iommu_mr() may return the wrong memory region. It hasn't been too problematic so far because the function was only used to test existence of an endpoint, but that is about to change. Fixes: cfb42188b24d ("virtio-iommu: Implement attach/detach command") Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> --- hw/virtio/virtio-iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)