Thanks for the fix. The implicit ptr cast will incorrectly advance the pointer. Cast to byte is the correct step. Best Regards, Colin On Fri, Nov 19, 2021 at 4:14 PM Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx> wrote: > > This is to fix incorrect pointer arithmetic which caused wrong > OpRegion version returned, then VM driver got error to get wanted > VBT block. We need to be safe to return correct data, so force > pointer type for byte access. > > Fixes: 49ba1a2976c8 ("vfio/pci: Add OpRegion 2.0+ Extended VBT support.") > Cc: Colin Xu <colin.xu@xxxxxxxxx> > Cc: Dmitry Torokhov <dtor@xxxxxxxxxxxx> > Signed-off-by: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx> > --- > drivers/vfio/pci/vfio_pci_igd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/vfio/pci/vfio_pci_igd.c b/drivers/vfio/pci/vfio_pci_igd.c > index 56cd551e0e04..dad6eeed5e80 100644 > --- a/drivers/vfio/pci/vfio_pci_igd.c > +++ b/drivers/vfio/pci/vfio_pci_igd.c > @@ -98,7 +98,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev, > version = cpu_to_le16(0x0201); > > if (igd_opregion_shift_copy(buf, &off, > - &version + (pos - OPREGION_VERSION), > + (u8 *)&version + (pos - OPREGION_VERSION), > &pos, &remaining, bytes)) > return -EFAULT; > } > @@ -121,7 +121,7 @@ static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev, > OPREGION_SIZE : 0); > > if (igd_opregion_shift_copy(buf, &off, > - &rvda + (pos - OPREGION_RVDA), > + (u8 *)&rvda + (pos - OPREGION_RVDA), > &pos, &remaining, bytes)) > return -EFAULT; > } > -- > 2.33.1 >
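Review bot: in the first hunk (@@ -98,7 +98,7 @@) the `(u8 *)` cast is the right fix, and the commit message could say more precisely why: `&version + (pos - OPREGION_VERSION)` scales the offset by sizeof(version), so for any non-zero offset the source pointer already lay past the two-byte local and the bytes copied to the caller came from whatever followed `version` on the stack, not just a "wrong version". With the cast the offset is in bytes, which is what igd_opregion_shift_copy's `&pos, &remaining, bytes` interface implies. The hunk does not show where `bytes` is clamped so that `(pos - OPREGION_VERSION) + bytes <= sizeof(version)`; a one-line comment above the call stating that invariant would make the byte arithmetic self-evident to the next reader. Given the Fixes: tag, a Cc: stable line also seems warranted.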
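Review bot: the second hunk (@@ -121,7 +121,7 @@) has the same defect and the same correct fix, but with a larger stride: `&rvda + (pos - OPREGION_RVDA)` advanced the pointer by sizeof(rvda) per unit, so every offset other than zero read outside the variable, and the wider the field the further past it the read landed. Since both call sites now open with an identical `(u8 *)&<field> + (pos - OPREGION_<FIELD>)` expression, consider folding that into the helper (pass the field's address and size and let igd_opregion_shift_copy do the byte offset internally) so the cast cannot be forgotten at a future third call site; if you keep it inline, a short comment at each use explaining that byte granularity is intended would serve the same purpose.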