The branch main has been updated by corvink:
URL:
https://cgit.FreeBSD.org/src/commit/?id=e425e601b9781c3585fcee4adf29a295a6b2aa45
commit e425e601b9781c3585fcee4adf29a295a6b2aa45
Author: Corvin Köhne <corv...@freebsd.org>
AuthorDate: 2023-12-15 11:46:09 +0000
Commit: Corvin Köhne <corv...@freebsd.org>
CommitDate: 2024-06-04 07:08:49 +0000
bhyve: verify OpRegion size
If the OpRegion size doesn't match the size of our igd_opregion struct, it's
using a different layout than we're expecting. To avoid strange issues, we
should exit hard. If we see any devices in the field with a different
OpRegion
size, we can analyse it and fix it accordingly.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45335
---
usr.sbin/bhyve/amd64/pci_gvt-d.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/usr.sbin/bhyve/amd64/pci_gvt-d.c b/usr.sbin/bhyve/amd64/pci_gvt-d.c
index 95f9066498d6..8cd5d21c8e6d 100644
--- a/usr.sbin/bhyve/amd64/pci_gvt-d.c
+++ b/usr.sbin/bhyve/amd64/pci_gvt-d.c
@@ -222,6 +222,13 @@ gvt_d_setup_opregion(struct pci_devinst *const pi)
opregion->len = header->size * KB;
munmap(header, sizeof(*header));
+ if (opregion->len != sizeof(struct igd_opregion)) {
+ warnx("%s: Invalid OpRegion size of 0x%lx", __func__,
+ opregion->len);
+ close(memfd);
+ return (-1);
+ }
+
opregion->hva = mmap(NULL, opregion->len, PROT_READ, MAP_SHARED, memfd,
opregion->hpa);
if (opregion->hva == MAP_FAILED) {
