Re: [PATCH v2] vfio/pci: sanitize bogus INTx interrupt pin values

From: Alex Williamson

Date: Fri Apr 10 2026 - 13:02:25 EST


On Sat, 4 Apr 2026 20:14:36 +0200
Christos Longros <chris.longros@xxxxxxxxx> wrote:

> Hi Alex,
>
> The RTL8852CE reports a valid interrupt pin (INTA = 0x01) under
> normal operation. The 0xFF only appears after a VFIO bus reset
> bricks the device -- at that point the entire config space reads
> 0xFFFFFFFF, not just the pin register.
>
> Since the root cause is the device bricking on bus reset, I think
> the right fix is a PCI quirk rather than the generic bounds check
> I proposed here. I have a quirk_no_bus_reset patch ready for
> 10ec:c852 (RTL8852CE) -- I'll send that as a v3 instead.

Seems like the better solution.

> Should I drop this VFIO patch entirely, or is there value in
> keeping a safety net for the pin register? The PCI spec limits it
> to 0x00-0x04, so anything outside that range is invalid, but I
> understand if you'd rather not add checks for scenarios that
> shouldn't happen with functioning hardware.

The pin register is a bit arbitrary. We're talking about a scenario
where the device has gone fatal while it's in use. Is it vfio-pci's
job to sanitize every config space access to prevent userspace from
crashing in such a condition, or does QEMU need to apply a bit of
sanity itself? Maybe QEMU should detect the state of the device after
reset and perform a surprise removal if it's in a broken state. Thanks,

Alex
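As an added example (not the patch under discussion, and not vfio-pci or QEMU code), the two checks this exchange weighs against each other, run over a constructed PCI config-space snapshot: the bounds check on the Interrupt Pin register that the original patch proposed (legal values 0x00 through 0x04, with 0xFF landing outside that range), and the whole-header check a hypervisor could run after a reset to tell a bogus register from a device whose entire config space now reads as all-ones. Register offsets are the standard type-0 header offsets; the sample header carries the 10ec:c852 IDs named in the thread but is constructed here, not captured from hardware, and the "surprise removal" decision is only printed, not performed.

```c
/*
 * Added example: classify a PCI type-0 config header as healthy, as
 * carrying an out-of-range Interrupt Pin, or as belonging to a device
 * that has dropped off the bus (every read returns all-ones). Not code
 * from vfio-pci or QEMU; sample headers below are constructed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PCI_CFG_HDR_LEN     64      /* type-0 header, offsets 0x00..0x3f */
#define PCI_VENDOR_ID       0x00    /* 16 bits, little-endian */
#define PCI_DEVICE_ID       0x02    /* 16 bits, little-endian */
#define PCI_INTERRUPT_PIN   0x3d    /* 8 bits: 0 = none, 1..4 = INTA..INTD */
#define PCI_INTX_PIN_MAX    0x04

enum cfg_state {
    CFG_OK = 0,          /* header plausible, pin within 0x00..0x04 */
    CFG_BOGUS_PIN,       /* device answers, but pin is outside the legal range */
    CFG_DEVICE_GONE      /* all-ones (or 0xffff vendor ID): device is not answering */
};

static uint16_t cfg_rd16(const uint8_t *cfg, size_t off)
{
    return (uint16_t)(cfg[off] | (cfg[off + 1] << 8));
}

/* A device that has fallen off the bus returns 0xff for every byte read. */
int pci_cfg_all_ones(const uint8_t *cfg, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (cfg[i] != 0xff)
            return 0;
    return 1;
}

/* The generic bounds check: only 0x00..0x04 are legal pin values. */
int pci_intx_pin_valid(uint8_t pin)
{
    return pin <= PCI_INTX_PIN_MAX;
}

/* What a safety net in the config read path would hand back: 0 (no INTx) for junk. */
uint8_t pci_intx_pin_sanitize(uint8_t pin)
{
    return pci_intx_pin_valid(pin) ? pin : 0;
}

/* Whole-header check a hypervisor could apply after a reset. A snapshot too
 * short to inspect is treated as unusable, the same as a vanished device. */
enum cfg_state pci_cfg_classify(const uint8_t *cfg, size_t len)
{
    if (len < PCI_CFG_HDR_LEN || pci_cfg_all_ones(cfg, len) ||
        cfg_rd16(cfg, PCI_VENDOR_ID) == 0xffff)
        return CFG_DEVICE_GONE;
    if (!pci_intx_pin_valid(cfg[PCI_INTERRUPT_PIN]))
        return CFG_BOGUS_PIN;
    return CFG_OK;
}

enum sample_kind { SAMPLE_HEALTHY, SAMPLE_BOGUS_PIN, SAMPLE_BRICKED };

/* Constructed headers (not captured): 10ec:c852 with INTA, the same header
 * with an illegal pin value, and an all-ones header after a failed reset. */
void build_sample(enum sample_kind kind, uint8_t cfg[PCI_CFG_HDR_LEN])
{
    if (kind == SAMPLE_BRICKED) {
        memset(cfg, 0xff, PCI_CFG_HDR_LEN);
        return;
    }
    memset(cfg, 0, PCI_CFG_HDR_LEN);
    cfg[PCI_VENDOR_ID]     = 0xec;  /* 0x10ec, little-endian */
    cfg[PCI_VENDOR_ID + 1] = 0x10;
    cfg[PCI_DEVICE_ID]     = 0x52;  /* 0xc852 */
    cfg[PCI_DEVICE_ID + 1] = 0xc8;
    cfg[PCI_INTERRUPT_PIN] = (kind == SAMPLE_BOGUS_PIN) ? 0x07 : 0x01;
}

enum cfg_state classify_sample(enum sample_kind kind)
{
    uint8_t cfg[PCI_CFG_HDR_LEN];
    build_sample(kind, cfg);
    return pci_cfg_classify(cfg, PCI_CFG_HDR_LEN);
}

int main(void)
{
    static const char *const names[] = { "healthy", "bogus-pin", "bricked" };
    static const char *const action[] = {
        "keep as-is", "sanitize pin to 0", "surprise-remove device"
    };
    for (int k = SAMPLE_HEALTHY; k <= SAMPLE_BRICKED; k++) {
        enum cfg_state st = classify_sample((enum sample_kind)k);
        printf("%-10s -> %s\n", names[k], action[st]);
    }
    return 0;
}
```

The point of splitting the two checks is that they answer different questions: `pci_intx_pin_valid` only says whether one register value is legal, while `pci_cfg_classify` looks at the header as a whole, so an all-ones read is reported as a missing device rather than as a merely odd pin value that gets quietly clamped.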