#define OPREGION_SIZE (8 * 1024)
#define OPREGION_PCI_ADDR 0xfc
+#define OPREGION_RVDA 0x3ba
+#define OPREGION_RVDS 0x3c2
+#define OPREGION_VERSION 0x16
+
static size_t vfio_pci_igd_rw(struct vfio_pci_device *vdev, char __user *buf,
size_t count, loff_t *ppos, bool iswrite)
{
u32 addr, size;
void *base;
int ret;
+ u16 version;
ret = pci_read_config_dword(vdev->pdev, OPREGION_PCI_ADDR, &addr);
if (ret)
size *= 1024; /* In KB */
+ /*
+ * Support opregion v2.1+
+ * When VBT data exceeds 6KB size and cannot be within mailbox #4, then
+ * the Extended VBT region next to opregion is used to hold the VBT data.
+ * RVDA (Relative Address of VBT Data from Opregion Base) and RVDS
+ * (Raw VBT Data Size) from opregion structure member are used to hold the
+ * address from region base and size of VBT data. RVDA/RVDS are not
+ * defined before opregion 2.0.
+ *
+ * opregion 2.1+: RVDA is unsigned, relative offset from
+ * opregion base, and should point to the end of opregion.
+ * otherwise, exposing to userspace to allow read access to everything between
+ * the OpRegion and VBT is not safe.
+ * RVDS is defined as size in bytes.
+ *
+ * opregion 2.0: rvda is the physical VBT address.
+ * Since rvda is HPA it cannot be directly used in guest.
+ * And it should not be practically available for end user,so it is not supported.
+ */
+ version = le16_to_cpu(*(__le16 *)(base + OPREGION_VERSION));
+ if (version >= 0x0200) {
+ u64 rvda;
+ u32 rvds;
+
+ rvda = le64_to_cpu(*(__le64 *)(base + OPREGION_RVDA));
+ rvds = le32_to_cpu(*(__le32 *)(base + OPREGION_RVDS));
+ if (rvda && rvds) {
+ /* no support for opregion v2.0 with physical VBT address */
+ if (version == 0x0200) {
+ memunmap(base);
+ pci_err(vdev->pdev,
+ "IGD assignment does not support opregion v2.0 with an extended VBT region\n");
+ return -EINVAL;
+ }
+
+ if (rvda != size) {
+ memunmap(base);
+ pci_err(vdev->pdev,
+ "Extended VBT does not follow opregion on version 0x%04x\n",
+ version);
+ return -EINVAL;
+ }
+
+ /* region size for opregion v2.0+: opregion and VBT size. */
+ size += rvds;
+ }
+ }
+
if (size != OPREGION_SIZE) {
memunmap(base);
base = memremap(addr, size, MEMREMAP_WB);