pci: rollback BAR address on failed move_bar

CMGS · CMGS · commit 6b9e315e80c8 · 2026-04-02T20:57:55.000+08:00
When a guest (e.g. Windows) programs a BAR to an address outside
the allocatable MMIO range, move_bar fails but the config
register has already been updated by detect_bar_reprogramming.
This inconsistency between config space and MMIO mapping causes
virtio device activation to fail (too few queues enabled),
crashing the VMM.

Restore the BAR address in both config registers and internal
bar_regions when move_bar fails, so the device remains
functional at its original address.

Signed-off-by: CMGS &lt;ilskdw@gmail.com&gt;
diff --git a/pci/src/bus.rs b/pci/src/bus.rs
@@ -10,7 +10,7 @@ use std::ops::DerefMut;
 use std::sync::{Arc, Barrier, Mutex};
 
 use byteorder::{ByteOrder, LittleEndian};
-use log::error;
+use log::warn;
 use thiserror::Error;
 use vm_device::{Bus, BusDevice, BusDeviceSync};
 
@@ -280,10 +280,15 @@ impl PciConfigIo {
                     device.deref_mut(),
                     params.region_type,
                 ) {
-                    error!(
-                        "Failed moving device BAR: {}: 0x{:x}->0x{:x}(0x{:x})",
+                    warn!(
+                        "Failed moving device BAR: {}: 0x{:x}->0x{:x}(0x{:x}), keeping old BAR",
                         e, params.old_base, params.new_base, params.len
                     );
+                    // Rollback: the config register was already updated to
+                    // new_base by detect_bar_reprogramming(). Restore it by
+                    // writing back the old address so device state stays
+                    // consistent with the MMIO bus mapping.
+                    device.restore_bar_addr(params);
                 }
             }
 
@@ -405,10 +410,11 @@ impl PciConfigMmio {
                     device.deref_mut(),
                     params.region_type,
                 ) {
-                    error!(
-                        "Failed moving device BAR: {}: 0x{:x}->0x{:x}(0x{:x})",
+                    warn!(
+                        "Failed moving device BAR: {}: 0x{:x}->0x{:x}(0x{:x}), keeping old BAR",
                         e, params.old_base, params.new_base, params.len
                     );
+                    device.restore_bar_addr(params);
                 }
             }
         }
diff --git a/pci/src/configuration.rs b/pci/src/configuration.rs
@@ -1093,6 +1093,20 @@ impl PciConfiguration {
     pub(crate) fn clear_pending_bar_reprogram(&mut self) {
         self.pending_bar_reprogram = Vec::new();
     }
+
+    /// Restore BAR address after a failed move. This undoes the premature
+    /// address update in detect_bar_reprogramming() so that config space
+    /// stays consistent with the actual MMIO mapping.
+    pub fn restore_bar_addr(&mut self, params: &BarReprogrammingParams) {
+        for bar in self.bars.iter_mut() {
+            if u64::from(bar.addr) == params.new_base
+                || (u64::from(bar.addr) << 32) == params.new_base
+            {
+                bar.addr = params.old_base as u32;
+                break;
+            }
+        }
+    }
 }
 
 impl Pausable for PciConfiguration {}
diff --git a/pci/src/device.rs b/pci/src/device.rs
@@ -93,6 +93,10 @@ pub trait PciDevice: Send {
     fn move_bar(&mut self, _old_base: u64, _new_base: u64) -> result::Result<(), io::Error> {
         Ok(())
     }
+    /// Restore BAR address in config space after a failed move_bar.
+    /// This rolls back the address update made by detect_bar_reprogramming()
+    /// so that the config register stays consistent with the MMIO bus mapping.
+    fn restore_bar_addr(&mut self, _params: &BarReprogrammingParams) {}
     /// Provides a mutable reference to the Any trait. This is useful to let
     /// the caller have access to the underlying type behind the trait.
     fn as_any_mut(&mut self) -> &mut dyn Any;
diff --git a/virtio-devices/src/transport/pci_device.rs b/virtio-devices/src/transport/pci_device.rs
@@ -1133,6 +1133,17 @@ impl PciDevice for VirtioPciDevice {
         Ok(())
     }
 
+    fn restore_bar_addr(&mut self, params: &BarReprogrammingParams) {
+        // Undo move_bar's bar_regions update
+        for bar in self.bar_regions.iter_mut() {
+            if bar.addr() == params.new_base {
+                *bar = bar.set_address(params.old_base);
+            }
+        }
+        // Undo config register update
+        self.configuration.restore_bar_addr(params);
+    }
+
     fn read_bar(&mut self, _base: u64, offset: u64, data: &mut [u8]) {
         match offset {
             o if o < COMMON_CONFIG_BAR_OFFSET + COMMON_CONFIG_SIZE => self.common_config.read(
