Commit 0cfe6605 authored Apr 24, 2026 by Matthew Rosato Committed by Christian Borntraeger Apr 27, 2026

KVM: s390: pci: Fix aisb calculation

The current implementation of aisb calculation will erroneously index
via an unsigned long * as well as multiply by 8B for every 64-bits in
the offset; only one or the other is required. This throws off aisb
calculations once the number of devices exceeds 64, and can result
in out-of-bounds access as well as failure to indicate summary bits
associated with those devices in guests.

Fix this by converting to a physical address before applying the
offset, as is already done in arch/s390/pci/pci_irq.c.

Fixes: 3c5a1b6f ("KVM: s390: pci: provide routines for enabling/disabling interrupt forwarding")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>

parent 16d990a1

arch/s390/kvm/pci.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -166,7 +166,7 @@ static int kvm_zpci_set_airq(struct zpci_dev *zdev)
		fib.fmt0.noi = airq_iv_end(zdev->aibv);
		fib.fmt0.aibv = virt_to_phys(zdev->aibv->vector);
		fib.fmt0.aibvo = 0;
		fib.fmt0.aisb = virt_to_phys(aift->sbv->vector + (zdev->aisb / 64) * 8);
		fib.fmt0.aisb = virt_to_phys(aift->sbv->vector) + (zdev->aisb / 64) * 8;
		fib.fmt0.aisbo = zdev->aisb & 63;
		fib.gd = zdev->gisa;

		@@ -308,7 +308,7 @@ static int kvm_s390_pci_aif_enable(struct zpci_dev zdev, struct zpci_fib fib,

		/* Update guest FIB for re-issue */
		fib->fmt0.aisbo = zdev->aisb & 63;
		fib->fmt0.aisb = virt_to_phys(aift->sbv->vector + (zdev->aisb / 64) * 8);
		fib->fmt0.aisb = virt_to_phys(aift->sbv->vector) + (zdev->aisb / 64) * 8;
		fib->fmt0.isc = gisc;

		/* Save some guest fib values in the host for later use */