mirror of
https://github.com/qemu/qemu.git
synced 2025-08-09 10:25:06 +00:00
cad9aa6fbd
Fix issues in PCIe SR-IOV configuration register handling that caused inconsistent internal state due to improper write mask handling and incorrect migration behavior. Two main problems were identified: 1. VF Enable bit write mask handling: pcie_sriov_config_write() incorrectly assumed that its val parameter was already masked, causing it to ignore the actual write mask. This led to the VF Enable bit being processed even when masked, resulting in incorrect VF registration/unregistration. It is identified as CVE-2025-54567. 2. Migration state inconsistency: pcie_sriov_pf_post_load() unconditionally called register_vfs() regardless of the VF Enable bit state, creating inconsistent internal state when VFs should not be enabled. Additionally, it failed to properly update the NumVFs write mask based on the current configuration. It is identified as CVE-2025-54566. Root cause analysis revealed that both functions relied on incorrect special-case assumptions instead of properly reading and consuming the actual configuration values. This change introduces a unified consume_config() function that reads actual configuration values and synchronize the internal state without special-case assumptions. The solution only adds register read overhead in non-hot-path code while ensuring correct SR-IOV state management across configuration writes and migration scenarios. Fixes: |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| meson.build | ||
| msi.c | ||
| msix.c | ||
| pci_bridge.c | ||
| pci_host.c | ||
| pci-hmp-cmds.c | ||
| pci-internal.h | ||
| pci-qmp-cmds.c | ||
| pci-stub.c | ||
| pci.c | ||
| pcie_aer.c | ||
| pcie_doe.c | ||
| pcie_host.c | ||
| pcie_port.c | ||
| pcie_sriov.c | ||
| pcie.c | ||
| shpc.c | ||
| slotid_cap.c | ||
| trace-events | ||
| trace.h | ||