From: Brian Russell <bruss...@brocade.com>

In virtio_read_caps and vtpci_msix_detect, rte_pci_read_config returns
the number of bytes read from PCI config or < 0 on error.
If less than the expected number of bytes are read then log the
failure and return rather than carrying on with garbage.

Fixes: 6ba1f63b5ab0 ("virtio: support specification 1.0")

Signed-off-by: Brian Russell <bruss...@brocade.com>
Signed-off-by: Luca Boccassi <bl...@debian.org>
---
v2: handle additional rte_pci_read_config incomplete reads
v3: do not handle rte_pci_read_config of virtio cap, added in v2,
    as it's less clear what the right thing to do there is
v4: do a more robust check - first check what the vendor is, and
    skip the cap entirely if it's not what we are looking for.
v5: fetch only 2 flags bytes if the vndr is PCI_CAP_ID_MSIX

 drivers/net/virtio/virtio_pci.c | 66 ++++++++++++++++++++++++---------
 1 file changed, 49 insertions(+), 17 deletions(-)

diff --git a/drivers/net/virtio/virtio_pci.c b/drivers/net/virtio/virtio_pci.c
index 6bd22e54a6..e900254a12 100644
--- a/drivers/net/virtio/virtio_pci.c
+++ b/drivers/net/virtio/virtio_pci.c
@@ -567,16 +567,18 @@ virtio_read_caps(struct rte_pci_device *dev, struct 
virtio_hw *hw)
        }
 
        ret = rte_pci_read_config(dev, &pos, 1, PCI_CAPABILITY_LIST);
-       if (ret < 0) {
-               PMD_INIT_LOG(DEBUG, "failed to read pci capability list");
+       if (ret != 1) {
+               PMD_INIT_LOG(DEBUG,
+                            "failed to read pci capability list, ret %d", ret);
                return -1;
        }
 
        while (pos) {
-               ret = rte_pci_read_config(dev, &cap, sizeof(cap), pos);
-               if (ret < 0) {
-                       PMD_INIT_LOG(ERR,
-                               "failed to read pci cap at pos: %x", pos);
+               ret = rte_pci_read_config(dev, &cap, 2, pos);
+               if (ret != 2) {
+                       PMD_INIT_LOG(DEBUG,
+                                    "failed to read pci cap at pos: %x ret %d",
+                                    pos, ret);
                        break;
                }
 
@@ -586,7 +588,16 @@ virtio_read_caps(struct rte_pci_device *dev, struct 
virtio_hw *hw)
                         * 1st byte is cap ID; 2nd byte is the position of next
                         * cap; next two bytes are the flags.
                         */
-                       uint16_t flags = ((uint16_t *)&cap)[1];
+                       uint16_t flags;
+
+                       ret = rte_pci_read_config(dev, &flags, sizeof(flags),
+                                       pos + 2);
+                       if (ret != sizeof(flags)) {
+                               PMD_INIT_LOG(DEBUG,
+                                            "failed to read pci cap at pos:"
+                                            " %x ret %d", pos + 2, ret);
+                               break;
+                       }
 
                        if (flags & PCI_MSIX_ENABLE)
                                hw->use_msix = VIRTIO_MSIX_ENABLED;
@@ -601,6 +612,14 @@ virtio_read_caps(struct rte_pci_device *dev, struct 
virtio_hw *hw)
                        goto next;
                }
 
+               ret = rte_pci_read_config(dev, &cap, sizeof(cap), pos);
+               if (ret != sizeof(cap)) {
+                       PMD_INIT_LOG(DEBUG,
+                                    "failed to read pci cap at pos: %x ret %d",
+                                    pos, ret);
+                       break;
+               }
+
                PMD_INIT_LOG(DEBUG,
                        "[%2x] cfg type: %u, bar: %u, offset: %04x, len: %u",
                        pos, cap.cfg_type, cap.bar, cap.offset, cap.length);
@@ -689,25 +708,38 @@ enum virtio_msix_status
 vtpci_msix_detect(struct rte_pci_device *dev)
 {
        uint8_t pos;
-       struct virtio_pci_cap cap;
        int ret;
 
        ret = rte_pci_read_config(dev, &pos, 1, PCI_CAPABILITY_LIST);
-       if (ret < 0) {
-               PMD_INIT_LOG(DEBUG, "failed to read pci capability list");
+       if (ret != 1) {
+               PMD_INIT_LOG(DEBUG,
+                            "failed to read pci capability list, ret %d", ret);
                return VIRTIO_MSIX_NONE;
        }
 
        while (pos) {
-               ret = rte_pci_read_config(dev, &cap, sizeof(cap), pos);
-               if (ret < 0) {
-                       PMD_INIT_LOG(ERR,
-                               "failed to read pci cap at pos: %x", pos);
+               uint8_t cap[2];
+
+               ret = rte_pci_read_config(dev, cap, sizeof(cap), pos);
+               if (ret != sizeof(cap)) {
+                       PMD_INIT_LOG(DEBUG,
+                                    "failed to read pci cap at pos: %x ret %d",
+                                    pos, ret);
                        break;
                }
 
-               if (cap.cap_vndr == PCI_CAP_ID_MSIX) {
-                       uint16_t flags = ((uint16_t *)&cap)[1];
+               if (cap[0] == PCI_CAP_ID_MSIX) {
+                       uint16_t flags;
+
+                       ret = rte_pci_read_config(dev, &flags, sizeof(flags),
+                                       pos + sizeof(cap));
+                       if (ret != sizeof(flags)) {
+                               PMD_INIT_LOG(DEBUG,
+                                            "failed to read pci cap at pos:"
+                                            " %lx ret %d", pos + sizeof(cap),
+                                            ret);
+                               break;
+                       }
 
                        if (flags & PCI_MSIX_ENABLE)
                                return VIRTIO_MSIX_ENABLED;
@@ -715,7 +747,7 @@ vtpci_msix_detect(struct rte_pci_device *dev)
                                return VIRTIO_MSIX_DISABLED;
                }
 
-               pos = cap.cap_next;
+               pos = cap[1];
        }
 
        return VIRTIO_MSIX_NONE;
-- 
2.18.0

Reply via email to