From: Chao Gao <chao.gao@intel.com>
Date: Mon, 1 Aug 2016 16:22:54 +0000 (+0200)
Subject: x86/vMSI-x: check whether msixtbl_list in msixtbl_pt_register()
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~656
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=6d61981d3619c6bad6134c2dac9774c00acca4fd;p=xen.git

x86/vMSI-x: check whether msixtbl_list in msixtbl_pt_register()

MSI-x tables' initializtion had been deferred in the commit
74c6dc2d0ac4dcab0c6243cdf6ed550c1532b798. If an assigned device does not support
MSI-x, the msixtbl_list won't be initialized. However, the following paths
    XEN_DOMCTL_bind_pt_irq
	pt_irq_create_bind
	    msixtbl_pt_register
do not check this case. Some errors(malwares, etc.) may lead to calling
XEN_DOMCTL_bind_pt_irq without a clear gtable and will cause Xen panic.

Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c
index ef1dfff8d7..d81c5d47c6 100644
--- a/xen/arch/x86/hvm/vmsi.c
+++ b/xen/arch/x86/hvm/vmsi.c
@@ -459,7 +459,7 @@ int msixtbl_pt_register(struct domain *d, struct pirq *pirq, uint64_t gtable)
     ASSERT(pcidevs_locked());
     ASSERT(spin_is_locked(&d->event_lock));
 
-    if ( !has_vlapic(d) )
+    if ( !msixtbl_initialised(d) )
         return -ENODEV;
 
     /*