From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, mst@redhat.com, lersek@redhat.com, peterx@redhat.com, dme@dme.org
Subject: [PATCH v3 1/2] pci: reject too large ROMs
Date: Wed, 3 Feb 2021 14:18:27 +0100
Message-Id: <20210203131828.156467-2-pbonzini@redhat.com>
In-Reply-To: <20210203131828.156467-1-pbonzini@redhat.com>
References: <20210203131828.156467-1-pbonzini@redhat.com>

get_image_size() returns an int64_t, which pci_add_option_rom() assigns to an "int" without any range checking. A 32-bit BAR could be up to 2 GiB in size, so reject anything above it. In order to accommodate a rounded-up size of 2 GiB, change pci_patch_ids's size argument to unsigned.

Reviewed-by: Peter Xu
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Laszlo Ersek
Signed-off-by: Paolo Bonzini Reviewed-by: David Edmondson --- hw/pci/pci.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 512e9042ff..58560c044d 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -25,6 +25,7 @@ #include "qemu/osdep.h" #include "qemu-common.h" #include "qemu/datadir.h" +#include "qemu/units.h" #include "hw/irq.h" #include "hw/pci/pci.h" #include "hw/pci/pci_bridge.h" @@ -2234,7 +2235,7 @@ static uint8_t pci_find_capability_at_offset(PCIDevic= e *pdev, uint8_t offset) =20 /* Patch the PCI vendor and device ids in a PCI rom image if necessary. This is needed for an option rom which is used for more than one device= . */ -static void pci_patch_ids(PCIDevice *pdev, uint8_t *ptr, int size) +static void pci_patch_ids(PCIDevice *pdev, uint8_t *ptr, uint32_t size) { uint16_t vendor_id; uint16_t device_id; @@ -2292,7 +2293,7 @@ static void pci_patch_ids(PCIDevice *pdev, uint8_t *p= tr, int size) static void pci_add_option_rom(PCIDevice *pdev, bool is_default_rom, Error **errp) { - int size; + int64_t size; char *path; void *ptr; char name[32]; 
@@ -2342,6 +2343,11 @@ static void pci_add_option_rom(PCIDevice *pdev, bool= is_default_rom, error_setg(errp, "romfile \"%s\" is empty", pdev->romfile); g_free(path); return; + } else if (size > 2 * GiB) { + error_setg(errp, "romfile \"%s\" too large (size cannot exceed 2 G= iB)", + pdev->romfile); + g_free(path); + return; } size =3D pow2ceil(size); =20 --=20 2.29.2
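Review bot: in the pci_add_option_rom() declaration hunk (patch 1/2, @@ -2292), widening size to int64_t means every narrower consumer now depends on the later size > 2 * GiB rejection, including the uint32_t size parameter that pci_patch_ids() gains in the preceding hunk. A short comment at the declaration stating the invariant (non-empty and at most 2 GiB once validated) would keep a later reordering of the checks from reintroducing the truncation this patch removes.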
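Review bot: the new size > 2 * GiB branch in pci_add_option_rom() (patch 1/2, @@ -2342) reports only the limit and not the size that was found. Since size is now an int64_t, printing it with PRId64 alongside the romfile name would make the failure diagnosable from the error message alone, without having to stat the file separately.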
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: mst@redhat.com, lersek@redhat.com, "Dr . David Alan Gilbert", peterx@redhat.com, dme@dme.org
Subject: [PATCH v3 2/2] pci: add romsize property
Date: Wed, 3 Feb 2021 14:18:28 +0100
Message-Id: <20210203131828.156467-3-pbonzini@redhat.com>
In-Reply-To: <20210203131828.156467-1-pbonzini@redhat.com>
References: <20210203131828.156467-1-pbonzini@redhat.com>

This property can be useful for distros to set up known-good ROM sizes for migration purposes. The VM will fail to start if the ROM is too large, and migration compatibility will not be broken if the ROM is too small.

Note that even though romsize is a uint32_t, it has to be between 1 (because empty ROM files are not accepted, and romsize must be greater than the file) and 2^31 (because values above are not powers of two and are rejected).

Signed-off-by: Paolo Bonzini Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Peter Xu Message-Id: <20201218182736.1634344-1-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini Acked-by: Laszlo Ersek Reviewed-by: David Edmondson --- hw/pci/pci.c | 19 +++++++++++++++++-- hw/xen/xen_pt_load_rom.c | 14 ++++++++++++-- include/hw/pci/pci.h | 1 + 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 58560c044d..a9ebef8a35 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -69,6 +69,7 @@ static void pcibus_reset(BusState *qbus); static Property pci_props[] =3D { DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1), DEFINE_PROP_STRING("romfile", PCIDevice, romfile), + DEFINE_PROP_UINT32("romsize", PCIDevice, romsize, -1), DEFINE_PROP_UINT32("rombar", PCIDevice, rom_bar, 1), DEFINE_PROP_BIT("multifunction", PCIDevice, cap_present, QEMU_PCI_CAP_MULTIFUNCTION_BITNR, false), @@ -2084,6 +2085,11 @@ static void pci_qdev_realize(DeviceState *qdev, Erro= r **errp) bool is_default_rom; uint16_t class_id; =20 + if (pci_dev->romsize !=3D -1 && !is_power_of_2(pci_dev->romsize)) { + error_setg(errp, "ROM size %u is not a power of two", pci_dev->rom= size); + return; + } + /* initialize cap_present for pci_is_express() and pci_config_size(), * Note that hybrid PCIs are not set automatically and need to manage * QEMU_PCI_CAP_EXPRESS manually */ @@ -2349,7 +2355,16 @@ static void pci_add_option_rom(PCIDevice *pdev, bool= is_default_rom, g_free(path); return; } - size =3D pow2ceil(size); + if (pdev->romsize !=3D -1) { + if (size > pdev->romsize) { + error_setg(errp, "romfile \"%s\" (%u bytes) is too large for R= OM size %u", + pdev->romfile, (uint32_t)size, pdev->romsize); + g_free(path); + return; + } + } else { + pdev->romsize =3D pow2ceil(size); + } =20 vmsd =3D qdev_get_vmsd(DEVICE(pdev)); =20 
@@ -2359,7 +2374,7 @@ static void pci_add_option_rom(PCIDevice *pdev, bool = is_default_rom, snprintf(name, sizeof(name), "%s.rom", object_get_typename(OBJECT(= pdev))); } pdev->has_rom =3D true; - memory_region_init_rom(&pdev->rom, OBJECT(pdev), name, size, &error_fa= tal); + memory_region_init_rom(&pdev->rom, OBJECT(pdev), name, pdev->romsize, = &error_fatal); ptr =3D memory_region_get_ram_ptr(&pdev->rom); if (load_image_size(path, ptr, size) < 0) { error_setg(errp, "failed to load romfile \"%s\"", pdev->romfile); diff --git a/hw/xen/xen_pt_load_rom.c b/hw/xen/xen_pt_load_rom.c index a50a80837e..03422a8a71 100644 --- a/hw/xen/xen_pt_load_rom.c +++ b/hw/xen/xen_pt_load_rom.c @@ -53,10 +53,20 @@ void *pci_assign_dev_load_option_rom(PCIDevice *dev, } fseek(fp, 0, SEEK_SET); =20 + if (dev->romsize !=3D -1) { + if (st.st_size > dev->romsize) { + error_report("ROM BAR \"%s\" (%ld bytes) is too large for ROM = size %u", + rom_file, (long) st.st_size, dev->romsize); + goto close_rom; + } + } else { + dev->romsize =3D st.st_size; + } + snprintf(name, sizeof(name), "%s.rom", object_get_typename(owner)); - memory_region_init_ram(&dev->rom, owner, name, st.st_size, &error_abor= t); + memory_region_init_ram(&dev->rom, owner, name, dev->romsize, &error_ab= ort); ptr =3D memory_region_get_ram_ptr(&dev->rom); - memset(ptr, 0xff, st.st_size); + memset(ptr, 0xff, dev->romsize); =20 if (!fread(ptr, 1, st.st_size, fp)) { error_report("pci-assign: Cannot read from host %s", rom_file); diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index 66db08462f..1bc231480f 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -344,6 +344,7 @@ struct PCIDevice { =20 /* Location of option rom */ char *romfile; + uint32_t romsize; bool has_rom; MemoryRegion rom; uint32_t rom_bar; --=20 2.29.2
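Review bot: the pci_props hunk (patch 2/2, @@ -69) uses the signed literal -1 as the "unset" default for the uint32_t romsize field, and the later romsize != -1 comparisons only work through implicit conversion to UINT32_MAX. Spelling the sentinel as UINT32_MAX, or as one named constant shared by hw/pci/pci.c and hw/xen/xen_pt_load_rom.c, would make it explicit and document that 0xffffffff is not a usable size.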
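Review bot: in the pci_add_option_rom() hunk (patch 2/2, @@ -2349) the check is size > pdev->romsize, so a file exactly romsize bytes long is accepted, while the commit message says romsize "must be greater than the file". One of the two should be adjusted so the documented bound and the enforced bound agree; if equality is intended, "at least as large as the file" matches the code.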
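Review bot: in the hw/xen/xen_pt_load_rom.c hunk (patch 2/2, @@ -53) the else branch assigns st.st_size to the uint32_t dev->romsize with no range check, so a size that does not fit in 32 bits would be truncated while fread(ptr, 1, st.st_size, fp) still uses the full st.st_size against a region sized by dev->romsize. Reject an st.st_size that does not fit before the assignment, as patch 1/2 does for pci_add_option_rom(). This branch also skips the pow2ceil() rounding that hw/pci/pci.c applies when romsize is unset; a comment should say whether that difference is intentional.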