On Wed, Jun 17, 2026 at 06:06:39PM +0800, Tomita Moeko wrote:
> pci_patch_ids() patches the checksum at the reserved 0x06 byte, but
> for EFI option ROMs the 32 bits at 0x04 are the EFI signature and
> must be 0x00000EF1. Since OVMF does not check vendor/device IDs in
> the PCIR header or the checksum, skip patching for EFI ROMs.
>
> Reported-by: K S Maan <[email protected]>
> Signed-off-by: Tomita Moeko <[email protected]>
Acked-by: Michael S. Tsirkin <[email protected]> > --- > hw/pci/pci.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/hw/pci/pci.c b/hw/pci/pci.c > index 601d65aef3..8e7872523a 100644 > --- a/hw/pci/pci.c > +++ b/hw/pci/pci.c > @@ -2513,11 +2513,16 @@ static void pci_patch_ids(PCIDevice *pdev, uint8_t > *ptr, uint32_t size) > return; > } > pcir_offset = pci_get_word(ptr + 0x18); > - if (pcir_offset + 8 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) { > + if (pcir_offset + 0x14 >= size || memcmp(ptr + pcir_offset, "PCIR", 4)) { > trace_pci_bad_pcir_offset(pcir_offset); > return; > } > > + /* OVMF won't check IDs in PCIR header, skip EFI roms */ > + if (pci_get_byte(ptr + pcir_offset + 0x14) == 0x03) { > + return; > + } > + > vendor_id = pci_get_word(pdev->config + PCI_VENDOR_ID); > device_id = pci_get_word(pdev->config + PCI_DEVICE_ID); > rom_vendor_id = pci_get_word(ptr + pcir_offset + 4); > -- > 2.53.0
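
Review bot: The comment on the new early return (`/* OVMF won't check IDs in PCIR header, skip EFI roms */`) states only the OVMF half of the rationale; per the commit message the actual hazard is that the checksum write at 0x06 lands inside the 32-bit EFI signature at 0x04, so the comment should say that patching would corrupt that signature. The bare `0x14` and `0x03` in `pci_get_byte(ptr + pcir_offset + 0x14) == 0x03` would read better as named constants for the PCIR field being tested and its EFI value, and because the widened bounds check `pcir_offset + 0x14 >= size` exists only to cover that read, sharing one constant keeps the two in step. Unlike the bad-offset path just above, which calls `trace_pci_bad_pcir_offset()`, this return emits no trace event, so a ROM whose IDs were deliberately left unpatched is indistinguishable from one that was patched when debugging; consider adding a trace point here.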
