On Thu, 23 Jan 2020 13:47:59 +0000
Alexandru Elisei <alexandru.elisei@xxxxxxx> wrote:

Hi,

> After writing to the device fd as part of the PCI configuration space
> emulation, we read back from the device to make sure that the write
> finished. The value is read back into the PCI configuration space and
> afterwards, the same value is copied by the PCI emulation code. Let's
> read from the device fd into a temporary variable, to prevent this
> double write.
>
> The double write is harmless in itself. But when we implement
> reassignable BARs, we need to keep track of the old BAR value, and the
> VFIO code is overwriting it.
>
> Signed-off-by: Alexandru Elisei <alexandru.elisei@xxxxxxx>
> ---
>  vfio/pci.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/vfio/pci.c b/vfio/pci.c
> index abde16dc8693..8a775a4a4a54 100644
> --- a/vfio/pci.c
> +++ b/vfio/pci.c
> @@ -470,7 +470,7 @@ static void vfio_pci_cfg_write(struct kvm *kvm, struct pci_device_header *pci_hd
>  	struct vfio_region_info *info;
>  	struct vfio_pci_device *pdev;
>  	struct vfio_device *vdev;
> -	void *base = pci_hdr;
> +	u32 tmp;

Can we make this a u64, please?
I am not sure if 64-bit MMIO is allowed for PCI config space accesses,
but a guest could do it anyway, and it looks like it would overwrite
the vdev pointer on the stack here in this case.

Cheers,
Andre.

>
>  	if (offset == PCI_ROM_ADDRESS)
>  		return;
> @@ -490,7 +490,7 @@ static void vfio_pci_cfg_write(struct kvm *kvm, struct pci_device_header *pci_hd
>  	if (pdev->irq_modes & VFIO_PCI_IRQ_MODE_MSI)
>  		vfio_pci_msi_cap_write(kvm, vdev, offset, data, sz);
>
> -	if (pread(vdev->fd, base + offset, sz, info->offset + offset) != sz)
> +	if (pread(vdev->fd, &tmp, sz, info->offset + offset) != sz)
>  		vfio_dev_warn(vdev, "Failed to read %d bytes from Configuration Space at 0x%x",
>  			      sz, offset);
>  }
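Review bot: in the first hunk, `u32 tmp;` is sized independently of `sz`, while the later `pread(vdev->fd, &tmp, sz, ...)` in the same function writes `sz` bytes into it, so any access wider than 4 bytes would spill past `tmp` into the neighbouring stack locals (`vdev`, `pdev`, `info`). Widening the temporary to u64 as suggested above narrows the window but still leaves the buffer size and the access width decoupled; a guard such as `if (sz > sizeof(tmp)) return;` before the pread (or clamping `sz` to `sizeof(tmp)`) makes the temporary's size, not the access width reaching this function, bound the write.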
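Review bot: in the second hunk, the bytes read into `tmp` are never used afterwards and nothing in the code says why the read is there, so a later cleanup could reasonably drop it as a dead read; add a one-line comment above the pread along the lines of `/* Read back to make sure the write reached the device; the value is discarded. */` to record the intent the commit message describes. Since the emulated header is no longer refreshed from this read, the warning on a short read should also make clear that it is the write that could not be confirmed, not a lost config value.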