commit b20d6e3029400b4b4b19c654192951f8bedd39cc
author Alexandru Elisei <alexandru.elisei@arm.com> Tue Oct 12 14:25:09 2021 +0100
committer Will Deacon <will@kernel.org> Wed Oct 13 08:36:59 2021 +0100
tree a91150363ea7a50f7addfc125914986a98c753a8
parent f93acc042fbd45ebd7540b391d2ac8c1134a0aa3

vfio/pci: Print an error when offset is outside of the MSIX table or PBA

Now that we keep track of the real size of MSIX table and PBA, print an
error when the guest tries to write to an offset which is not inside the
correct regions.

Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Link: https://lore.kernel.org/r/20211012132510.42134-7-alexandru.elisei@arm.com
Signed-off-by: Will Deacon <will@kernel.org>

vfio/pci.c

diff --git a/vfio/pci.c b/vfio/pci.c
index 582aedd..a08352d 100644
--- a/vfio/pci.c
+++ b/vfio/pci.c
@@ -249,6 +249,11 @@
 	u64 offset = addr - pba->guest_phys_addr;
 	struct vfio_device *vdev = container_of(pdev, struct vfio_device, pci);
 
+	if (offset >= pba->size) {
+		vfio_dev_err(vdev, "access outside of the MSIX PBA");
+		return;
+	}
+
 	if (is_write)
 		return;
 
@@ -269,6 +274,10 @@
 	struct vfio_device *vdev = container_of(pdev, struct vfio_device, pci);
 
 	u64 offset = addr - pdev->msix_table.guest_phys_addr;
+	if (offset >= pdev->msix_table.size) {
+		vfio_dev_err(vdev, "access outside of the MSI-X table");
+		return;
+	}
 
 	size_t vector = offset / PCI_MSIX_ENTRY_SIZE;
 	off_t field = offset % PCI_MSIX_ENTRY_SIZE;