From: Stefan Hajnoczi
To: qemu-devel@nongnu.org
Cc: Marcel Apfelbaum, "Michael S. Tsirkin", Stefan Hajnoczi, Akihiko Odaki, Qing Wang
Subject: [PATCH] pcie_sriov: make pcie_sriov_pf_exit() safe on non-SR-IOV devices
Date: Wed, 24 Sep 2025 11:51:53 -0400
Message-ID: <20250924155153.579495-1-stefanha@redhat.com>

Commit 3f9cfaa92c96 ("virtio-pci: Implement SR-IOV PF") added an unconditional call from virtio_pci_exit() to pcie_sriov_pf_exit().

pcie_sriov_pf_exit() reads from the SR-IOV Capability in Configuration Space:

    uint8_t *cfg = dev->config + dev->exp.sriov_cap;
    ...
    unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF));
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This results in undefined behavior when dev->exp.sriov_cap is 0 because this is not an SR-IOV device. For example, unparent_vfs() segfaults when total_vfs happens to be non-zero.

Fix this by returning early from pcie_sriov_pf_exit() when dev->exp.sriov_cap is 0 because this is not an SR-IOV device.

Cc: Akihiko Odaki
Cc: Michael S. Tsirkin
Reported-by: Qing Wang
Buglink: https://issues.redhat.com/browse/RHEL-116443
Signed-off-by: Stefan Hajnoczi
--- hw/pci/pcie_sriov.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 8a4bf0d6f7..cf1b5b5c05 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c @@ -195,7 +195,9 @@ bool pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset, =20 void pcie_sriov_pf_exit(PCIDevice *dev) { - uint8_t *cfg =3D dev->config + dev->exp.sriov_cap; + if (dev->exp.sriov_cap =3D=3D 0) { + return; + } =20 if (dev->exp.sriov_pf.vf_user_created) { uint16_t ven_id =3D pci_get_word(dev->config + PCI_VENDOR_ID); @@ -211,6 +213,8 @@ void pcie_sriov_pf_exit(PCIDevice *dev) pci_config_set_device_id(dev->exp.sriov_pf.vf[i]->config, vf_d= ev_id); } } else { + uint8_t *cfg =3D dev->config + dev->exp.sriov_cap; + unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF)); } } --=20 2.51.0
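Review bot: The early return in the first hunk sits above `if (dev->exp.sriov_pf.vf_user_created)`, so it skips the vendor/device ID restore branch as well as the `unparent_vfs()` call, although only the `else` branch reads the SR-IOV capability through `cfg`. Please confirm that `vf_user_created` can never be set while `dev->exp.sriov_cap` is 0. If that holds, a one-line comment on the guard saying that `sriov_cap == 0` means this is not an SR-IOV device would make the invariant explicit for future callers; if it does not hold, the check belongs inside the `else` branch next to the moved `cfg` declaration instead.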