[v1] xen/pci: prevent infinite loop for faulty SR-IOV cards

[PATCH] xen/pci: prevent infinite loop for faulty SR-IOV cards

Posted by Frediano Ziglio 5 days, 4 hours ago

If a SR-IOV card presents an I/O space inside a BAR the
code will continue to loop on the same card.
This is due to the missing increment of the cycle variable.

Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
---
 xen/drivers/passthrough/pci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 3edcfa8a04..52c22fa50c 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -746,6 +746,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn,
                     printk(XENLOG_WARNING
                            "SR-IOV device %pp with vf BAR%u in IO space\n",
                            &pdev->sbdf, i);
+                    ++i;
                     continue;
                 }
                 ret = pci_size_mem_bar(pdev->sbdf, idx, NULL,
-- 
2.43.0

Re: [PATCH] xen/pci: prevent infinite loop for faulty SR-IOV cards

Posted by Andrew Cooper 5 days, 3 hours ago

On 24/10/2025 4:13 pm, Frediano Ziglio wrote:
> If a SR-IOV card presents an I/O space inside a BAR the
> code will continue to loop on the same card.
> This is due to the missing increment of the cycle variable.
>
> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>

Yes, that's buggy.  Was this from a real card, or just code inspection?

~Andrew

Re: [PATCH] xen/pci: prevent infinite loop for faulty SR-IOV cards

Posted by Frediano Ziglio 3 days, 23 hours ago

On Fri, 24 Oct 2025 at 16:58, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>
> On 24/10/2025 4:13 pm, Frediano Ziglio wrote:
> > If a SR-IOV card presents an I/O space inside a BAR the
> > code will continue to loop on the same card.
> > This is due to the missing increment of the cycle variable.
> >
> > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
>
> Yes, that's buggy.  Was this from a real card, or just code inspection?
>

Code inspection.

> ~Andrew

Frediano

Re: [PATCH] xen/pci: prevent infinite loop for faulty SR-IOV cards

Posted by Andrew Cooper 5 days, 3 hours ago

On 24/10/2025 4:58 pm, Andrew Cooper wrote:
> On 24/10/2025 4:13 pm, Frediano Ziglio wrote:
>> If a SR-IOV card presents an I/O space inside a BAR the
>> code will continue to loop on the same card.
>> This is due to the missing increment of the cycle variable.
>>
>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
> Yes, that's buggy.  Was this from a real card, or just code inspection?

Sorry, sent too early.

This was broken by a1a6d59862f4 ("pci: split code to size BARs from
pci_add_device") when it changed the loop from having an increment, to not.

~Andrew

Re: [PATCH] xen/pci: prevent infinite loop for faulty SR-IOV cards

Posted by Roger Pau Monné 2 days, 10 hours ago

On Fri, Oct 24, 2025 at 05:00:34PM +0100, Andrew Cooper wrote:
> On 24/10/2025 4:58 pm, Andrew Cooper wrote:
> > On 24/10/2025 4:13 pm, Frediano Ziglio wrote:
> >> If a SR-IOV card presents an I/O space inside a BAR the
> >> code will continue to loop on the same card.
> >> This is due to the missing increment of the cycle variable.
> >>
> >> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
> > Yes, that's buggy.  Was this from a real card, or just code inspection?
> 
> Sorry, sent too early.
> 
> This was broken by a1a6d59862f4 ("pci: split code to size BARs from
> pci_add_device") when it changed the loop from having an increment, to not.

That was my fault.

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

I think we want to consider, this for 4.21, what's your opinion
Oleksii?

Thanks, Roger.