pci_patch_ids() patches the checksum at the reserved 0x06 byte, but for EFI option ROMs the 32 bits at 0x04 are the EFI signature and must be 0x00000EF1. Since OVMF does not check vendor/device IDs in the PCIR header or the checksum, skip patching for EFI ROMs.
Reported-by: K S Maan <[email protected]> Signed-off-by: Tomita Moeko <[email protected]> --- hw/pci/pci.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 601d65aef3..8e7872523a 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -2513,11 +2513,16 @@ static void pci_patch_ids(PCIDevice *pdev, uint8_t *ptr, uint32_t size) return; } pcir_offset = pci_get_word(ptr + 0x18); - if (pcir_offset + 8 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) { + if (pcir_offset + 0x14 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) { trace_pci_bad_pcir_offset(pcir_offset); return; } + /* OVMF won't check IDs in PCIR header, skip EFI roms */ + if (pci_get_byte(ptr + pcir_offset + 0x14) == 0x03) { + return; + } + vendor_id = pci_get_word(pdev->config + PCI_VENDOR_ID); device_id = pci_get_word(pdev->config + PCI_DEVICE_ID); rom_vendor_id = pci_get_word(ptr + pcir_offset + 4); -- 2.53.0
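Review bot: the widened check `pcir_offset + 0x14 >= size` does keep the new `pci_get_byte(ptr + pcir_offset + 0x14)` read inside the image, but it also rejects any ROM whose PCIR structure is shorter than 0x15 bytes that the old `+ 8` check used to accept and patch; if that is intended, the `trace_pci_bad_pcir_offset` path is now reached for truncated-but-valid-offset images, so the trace name no longer describes the failure. The inline comment `/* OVMF won't check IDs in PCIR header, skip EFI roms */` gives only half the reason: the commit message explains that the checksum byte at 0x06 overlaps the 32-bit EFI signature at 0x04, which is the actual safety argument for not touching the image, and that belongs in the code comment so a later reader does not reintroduce the patching once OVMF behaviour changes. The literals `0x14` and `0x03` are magic numbers: a short comment naming them as the PCIR code-type field and the EFI code-type value (or a named constant, if one is appropriate in this file) would make the early return self-explanatory, matching how `0x18` and `"PCIR"` are already handled above it.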
