git: e425e601b978 - main - bhyve: verify OpRegion size

From: Corvin Köhne <corvink_at_FreeBSD.org>
Date: Tue, 04 Jun 2024 07:11:14 UTC
The branch main has been updated by corvink:

URL: https://cgit.FreeBSD.org/src/commit/?id=e425e601b9781c3585fcee4adf29a295a6b2aa45

commit e425e601b9781c3585fcee4adf29a295a6b2aa45
Author:     Corvin Köhne <corvink@FreeBSD.org>
AuthorDate: 2023-12-15 11:46:09 +0000
Commit:     Corvin Köhne <corvink@FreeBSD.org>
CommitDate: 2024-06-04 07:08:49 +0000

    bhyve: verify OpRegion size
    
    If the OpRegion size doesn't match the size of our igd_opregion struct, it's
    using a different layout than we're expecting. To avoid strange issues, we
    should exit hard. If we see any devices in the field with a different OpRegion
    size, we can analyse it and fix it accordingly.
    
    Reviewed by:            markj
    MFC after:              1 week
    Sponsored by:           Beckhoff Automation GmbH & Co. KG
    Differential Revision:  https://reviews.freebsd.org/D45335
---
 usr.sbin/bhyve/amd64/pci_gvt-d.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/usr.sbin/bhyve/amd64/pci_gvt-d.c b/usr.sbin/bhyve/amd64/pci_gvt-d.c
index 95f9066498d6..8cd5d21c8e6d 100644
--- a/usr.sbin/bhyve/amd64/pci_gvt-d.c
+++ b/usr.sbin/bhyve/amd64/pci_gvt-d.c
@@ -222,6 +222,13 @@ gvt_d_setup_opregion(struct pci_devinst *const pi)
 	opregion->len = header->size * KB;
 	munmap(header, sizeof(*header));
 
+	if (opregion->len != sizeof(struct igd_opregion)) {
+		warnx("%s: Invalid OpRegion size of 0x%lx", __func__,
+		    opregion->len);
+		close(memfd);
+		return (-1);
+	}
+
 	opregion->hva = mmap(NULL, opregion->len, PROT_READ, MAP_SHARED, memfd,
 	    opregion->hpa);
 	if (opregion->hva == MAP_FAILED) {
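Review bot: the warnx() in the new size check prints only the observed length, so a report from a device in the field will not show what size this build expected. Adding sizeof(struct igd_opregion) to the message, for example "%s: Invalid OpRegion size of 0x%lx (expected 0x%zx)", would make the log line enough to start the analysis the commit message anticipates. The %lx specifier also assumes opregion->len is an unsigned long; its declaration is not visible in this hunk, so if it is a size_t or uint64_t, %zx or PRIx64 would be the matching specifier. The commit message says to "exit hard" while the added code returns -1, so it is worth confirming that the callers of gvt_d_setup_opregion() treat that return as fatal.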