From 32cfb3eef3edecaf1986c7be0894f4a3f431c1eb Mon Sep 17 00:00:00 2001 From: jhb Date: Tue, 6 Aug 2019 23:15:04 +0000 Subject: [PATCH] Detect invalid PCI devices more correctly in PCI interrupt router drivers. - Check for an invalid device (vendor is invalid) before reading the header type register when examining function 0 of a possible device. - When iterating over functions of a device, reject any device whose 16-bit vendor is invalid rather than requiring the full 32-bit vendor+device to be all 1's. In practice the latter check is probably fine, but checking the vendor is what the PCI spec recommends. Reviewed by: imp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D21147 --- sys/dev/acpica/acpi_pci_link.c | 7 +++++-- sys/i386/pci/pci_pir.c | 11 +++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/sys/dev/acpica/acpi_pci_link.c b/sys/dev/acpica/acpi_pci_link.c index 2ce7e691d26..f172382c7fc 100644 --- a/sys/dev/acpica/acpi_pci_link.c +++ b/sys/dev/acpica/acpi_pci_link.c @@ -580,6 +580,9 @@ acpi_pci_link_search_irq(int bus, int device, int pin) uint8_t func, maxfunc; /* See if we have a valid device at function 0. */ + value = pci_cfgregread(bus, device, 0, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) + return (PCI_INVALID_IRQ); value = pci_cfgregread(bus, device, 0, PCIR_HDRTYPE, 1); if ((value & PCIM_HDRTYPE) > PCI_MAXHDRTYPE) return (PCI_INVALID_IRQ); @@ -590,8 +593,8 @@ acpi_pci_link_search_irq(int bus, int device, int pin) /* Scan all possible functions at this device. */ for (func = 0; func <= maxfunc; func++) { - value = pci_cfgregread(bus, device, func, PCIR_DEVVENDOR, 4); - if (value == 0xffffffff) + value = pci_cfgregread(bus, device, func, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) continue; value = pci_cfgregread(bus, device, func, PCIR_INTPIN, 1); diff --git a/sys/i386/pci/pci_pir.c b/sys/i386/pci/pci_pir.c index 863efd85907..e9c29b6987a 100644 --- a/sys/i386/pci/pci_pir.c +++ b/sys/i386/pci/pci_pir.c @@ -257,8 +257,8 @@ pci_pir_create_links(struct PIR_entry *entry, struct PIR_intpin *intpin, } /* - * Look to see if any of the function on the PCI device at bus/device have - * an interrupt routed to intpin 'pin' by the BIOS. + * Look to see if any of the functions on the PCI device at bus/device + * have an interrupt routed to intpin 'pin' by the BIOS. */ static uint8_t pci_pir_search_irq(int bus, int device, int pin) @@ -267,6 +267,9 @@ pci_pir_search_irq(int bus, int device, int pin) uint8_t func, maxfunc; /* See if we have a valid device at function 0. */ + value = pci_cfgregread(bus, device, 0, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) + return (PCI_INVALID_IRQ); value = pci_cfgregread(bus, device, 0, PCIR_HDRTYPE, 1); if ((value & PCIM_HDRTYPE) > PCI_MAXHDRTYPE) return (PCI_INVALID_IRQ); @@ -277,8 +280,8 @@ pci_pir_search_irq(int bus, int device, int pin) /* Scan all possible functions at this device. */ for (func = 0; func <= maxfunc; func++) { - value = pci_cfgregread(bus, device, func, PCIR_DEVVENDOR, 4); - if (value == 0xffffffff) + value = pci_cfgregread(bus, device, func, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) continue; value = pci_cfgregread(bus, device, func, PCIR_INTPIN, 1); -- 2.45.0