Commit df733ddc authored May 11, 2026 by Matt Evans Committed by Alex Williamson May 13, 2026

vfio/pci: Make VFIO_PCI_OFFSET_TO_INDEX() return unsigned



VFIO_PCI_OFFSET_TO_INDEX() is used in several places with a signed
parameter (e.g. loff_t).  Because it makes no sense for a BAR/resource
index to be negative, enforce this in the macro.

This fixes at least one current issue, where vfio_pci_ioeventfd() uses
this macro with an unvalidated signed loff_t returned into a signed
type, leading to a possible negative array access.  This instance does
test against an out-of-bounds positive value, so treating the index as
unsigned fixes this issue.

Fixes: 89e1f7d4 ("vfio: Add PCI device driver")
Signed-off-by: Matt Evans <mattev@meta.com>
Link: https://lore.kernel.org/r/20260511144642.2926799-1-mattev@meta.com


Signed-off-by: Alex Williamson <alex@shazbot.org>

parent c64a647c

include/linux/vfio_pci_core.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -21,7 +21,7 @@
		#define VFIO_PCI_CORE_H

		#define VFIO_PCI_OFFSET_SHIFT 40
		#define VFIO_PCI_OFFSET_TO_INDEX(off) (off >> VFIO_PCI_OFFSET_SHIFT)
		#define VFIO_PCI_OFFSET_TO_INDEX(off) ((u64)(off) >> VFIO_PCI_OFFSET_SHIFT)
		#define VFIO_PCI_INDEX_TO_OFFSET(index) ((u64)(index) << VFIO_PCI_OFFSET_SHIFT)
		#define VFIO_PCI_OFFSET_MASK (((u64)(1) << VFIO_PCI_OFFSET_SHIFT) - 1)