Bug 43339 - Wrong Pci-Bridge Header Type check.
Summary: Wrong Pci-Bridge Header Type check.
Alias: None
Product: Virtualization
Classification: Unclassified
Component: kvm (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: virtualization_kvm
Depends on:
Reported: 2012-06-04 14:28 UTC by Vladimir Koshelev
Modified: 2012-08-15 22:00 UTC (History)
3 users (show)

See Also:
Kernel Version: 3.4
Tree: Mainline
Regression: No


Description Vladimir Koshelev 2012-06-04 14:28:44 UTC
I have found bug in file virt/kvm/assigned-device.c

670         /* Don't allow bridges to be assigned */
671         pci_read_config_byte(dev, PCI_HEADER_TYPE, &header_type);
672         if ((header_type & PCI_HEADER_TYPE) != PCI_HEADER_TYPE_NORMAL) {
673                 r = -EPERM;
674                 goto out_put;
675         }

This code doesn't check that device is PCI-Bridge. In my case

header_type is 1,  default value for PCI-Bridge

So, 1 & 0xE == 0 thus KVM assigns pci-bridge device to VM successfully.
Comment 1 Alex Williamson 2012-06-05 18:33:46 UTC
(In reply to comment #0)
> So, 1 & 0xE == 0 thus KVM assigns pci-bridge device to VM successfully.

Have you found this to be true in practice?  The test here is clearly wrong, but immediately after this we test pci-sysfs resource permissions.  We only test standard device resources, as we're not expecting a bridge to get through, but I believe those should all be zero for a bridge, which will result in denying assignment of the device because it has no resources.  If you have a pci-bridge that actually makes it through that test, please include lspci -vvv for it here.  Thanks
Comment 2 Alex Williamson 2012-06-05 19:43:18 UTC
Follow-up; I guess a bridge implementing BARs is not that unique.  Many bridges do not have BARs, which should be rejected from assignment outright.  Those with BARs will still fall into the requirement that the user will require permission to the pci-sysfs resource files, so a privileged entity still has to grant access to the device.  Let me know if you find differently.  Thanks
Comment 3 Florian Mickler 2012-07-01 09:40:03 UTC
A patch referencing this bug report has been merged in Linux v3.5-rc4:

commit f961f72836eb6c0fd76201f6f6b2fafff93c4cea
Author: Jan Kiszka <jan.kiszka@siemens.com>
Date:   Fri Jun 15 07:56:20 2012 -0600

    KVM: Fix PCI header check on device assignment

Note You need to log in before you can comment on or make changes to this bug.