On 2025/09/27 22:58, Michael Tokarev wrote:
On 24.09.2025 20:51, Stefan Hajnoczi wrote:
On Wed, Sep 24, 2025 at 11:51:53AM -0400, Stefan Hajnoczi wrote:
Commit 3f9cfaa92c96 ("virtio-pci: Implement SR-IOV PF") added an
unconditional call from virtio_pci_exit() to pcie_sriov_pf_exit().

pcie_sriov_pf_exit() reads from the SR-IOV Capability in Configuration
Space:

   uint8_t *cfg = dev->config + dev->exp.sriov_cap;
   ...
   unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF));
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This results in undefined behavior when dev->exp.sriov_cap is 0 because
this is not an SR-IOV device. For example, unparent_vfs() segfaults when
total_vfs happens to be non-zero.

Fix this by returning early from pcie_sriov_pf_exit() when
dev->exp.sriov_cap is 0 because this is not an SR-IOV device.

Cc: Akihiko Odaki <od...@rsg.ci.i.u-tokyo.ac.jp>
Cc: Michael S. Tsirkin <m...@redhat.com>
Reported-by: Qing Wang <qinw...@redhat.com>
Buglink: https://issues.redhat.com/browse/RHEL-116443
Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
---
  hw/pci/pcie_sriov.c | 6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)

CCing qemu-stable

Ping?  Can we apply this to the master branch, so I can pick it
up for the stable series?

Reviewed-by: Akihiko Odaki <od...@rsg.ci.i.u-tokyo.ac.jp>

I also think it should have:

Fixes: cab1398a60eb ("pcie_sriov: Reuse SR-IOV VF device instances")

Regards,
Akihiko Odaki
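To make the failure mode in the commit message concrete, here is an added example (not QEMU's code) that models the unguarded and guarded versions of pcie_sriov_pf_exit() with simplified stand-ins for PCIDevice, pci_get_word() and unparent_vfs(); the PCI header offsets follow the PCI specification and both sample devices are constructed.

```c
/* Added example: simplified stand-ins for QEMU's PCIDevice / pcie_sriov_pf_exit().
 * Not QEMU code; the config space contents below are constructed. */
#include <stdint.h>
#include <string.h>

#define PCIE_CONFIG_SPACE_SIZE 0x1000
#define PCI_HEADER_TYPE        0x0e   /* standard header field, 1 byte */
#define PCI_BIST               0x0f   /* standard header field, 1 byte */
#define PCI_SRIOV_TOTAL_VF     0x0e   /* TotalVFs, offset within the SR-IOV cap */

typedef struct {
    uint8_t config[PCIE_CONFIG_SPACE_SIZE];
    struct { uint16_t sriov_cap; } exp;   /* 0 when there is no SR-IOV capability */
    void **vfs;                           /* VF table; NULL on non-SR-IOV devices */
} PCIDevice;

static uint16_t pci_get_word(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));   /* config space is little-endian */
}

/* Returns VFs released, or -1 where the real code would dereference a NULL table. */
static int unparent_vfs(PCIDevice *dev, uint16_t total_vfs) {
    if (total_vfs && dev->vfs == NULL) return -1;
    for (uint16_t i = 0; i < total_vfs; i++) dev->vfs[i] = NULL;
    return total_vfs;
}

/* Before the fix: TotalVFs is read relative to sriov_cap even when it is 0, so the
 * header bytes at 0x0e/0x0f (header type, BIST) are misread as a VF count. */
static int pf_exit_unguarded(PCIDevice *dev) {
    uint8_t *cfg = dev->config + dev->exp.sriov_cap;
    return unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF));
}

/* After the fix: a non-SR-IOV device returns early and touches nothing. */
static int pf_exit_guarded(PCIDevice *dev) {
    if (!dev->exp.sriov_cap) return 0;
    return pf_exit_unguarded(dev);
}

static void *g_vfs[2];   /* VF table for the constructed SR-IOV PF */

/* Constructed devices: a plain endpoint (BIST-capable bit set, no SR-IOV cap) and
 * a PF whose SR-IOV capability at offset 0x160 advertises TotalVFs = 2. */
static PCIDevice make_dev(int sriov) {
    PCIDevice d; memset(&d, 0, sizeof d);
    d.config[PCI_HEADER_TYPE] = 0x00; d.config[PCI_BIST] = 0x80;
    if (sriov) { d.exp.sriov_cap = 0x160; d.config[0x160 + PCI_SRIOV_TOTAL_VF] = 2; d.vfs = g_vfs; }
    return d;
}
```

On the plain endpoint the unguarded path reads 0x8000 as TotalVFs and walks a NULL VF table, while the guarded path returns 0; on the PF both paths release the two VFs.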
