From 9772c480a71ad38cc2c342e4c2e78c2475de7268 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 26 Apr 2016 16:53:36 +0200
Subject: [PATCH] x86/vMSI-X: write snoops should ignore hvm_mmio_internal()
 requests

Those aren't actual I/O requests (and hence are of no interest here
anyway). Since they don't get copied into struct vcpu, looking at that
copy reads whatever was left there. Use the state of the request to
determine its validity.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
---
 xen/arch/x86/hvm/vmsi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c
index 805e560701..53c24e5ada 100644
--- a/xen/arch/x86/hvm/vmsi.c
+++ b/xen/arch/x86/hvm/vmsi.c
@@ -349,6 +349,8 @@ static int msixtbl_range(struct vcpu *v, unsigned long addr)
     {
         const ioreq_t *r = &v->arch.hvm_vcpu.hvm_io.io_req;
 
+        if ( r->state != STATE_IOREQ_READY )
+            return 0;
         ASSERT(r->type == IOREQ_TYPE_COPY);
         if ( r->dir == IOREQ_WRITE && r->size == 4 && !r->data_is_ptr
              && !(r->data & PCI_MSIX_VECTOR_BITMASK) )
-- 
2.30.2