From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 26 Apr 2016 14:53:36 +0000 (+0200)
Subject: x86/vMSI-X: write snoops should ignore hvm_mmio_internal() requests
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~1243
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=9772c480a71ad38cc2c342e4c2e78c2475de7268;p=xen.git

x86/vMSI-X: write snoops should ignore hvm_mmio_internal() requests

Those aren't actual I/O requests (and hence are of no interest here
anyway). Since they don't get copied into struct vcpu, looking at that
copy reads whatever was left there. Use the state of the request to
determine its validity.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c
index 805e560701..53c24e5ada 100644
--- a/xen/arch/x86/hvm/vmsi.c
+++ b/xen/arch/x86/hvm/vmsi.c
@@ -349,6 +349,8 @@ static int msixtbl_range(struct vcpu *v, unsigned long addr)
     {
         const ioreq_t *r = &v->arch.hvm_vcpu.hvm_io.io_req;
 
+        if ( r->state != STATE_IOREQ_READY )
+            return 0;
         ASSERT(r->type == IOREQ_TYPE_COPY);
         if ( r->dir == IOREQ_WRITE && r->size == 4 && !r->data_is_ptr
              && !(r->data & PCI_MSIX_VECTOR_BITMASK) )