From de8627767968d84385648b399317b1b55323bc15 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Thu, 28 Apr 2016 15:10:22 +0200
Subject: [PATCH] x86/vMSI-X: add further checks to snoop logic

msixtbl_range(), as any other MMIO ->check() handlers, may get called with other than the base address of an access - avoid the snoop logic considering those. Also avoid considering vCPU-s not blocked in the hypervisor in msixtbl_pt_register(), just to be on the safe side.

Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
Reviewed-by: Paul Durrant
Release-acked-by: Wei Liu
---
 xen/arch/x86/hvm/vmsi.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c
index 53c24e5ada..d07f0c45c4 100644
--- a/xen/arch/x86/hvm/vmsi.c
+++ b/xen/arch/x86/hvm/vmsi.c
@@ -349,7 +349,7 @@ static int msixtbl_range(struct vcpu *v, unsigned long addr)
 {
 const ioreq_t *r = &v->arch.hvm_vcpu.hvm_io.io_req;
- if ( r->state != STATE_IOREQ_READY )
+ if ( r->state != STATE_IOREQ_READY || r->addr != addr )
 return 0;
 ASSERT(r->type == IOREQ_TYPE_COPY);
 if ( r->dir == IOREQ_WRITE && r->size == 4 && !r->data_is_ptr
@@ -457,7 +457,8 @@ out:
 for_each_vcpu ( d, v )
 {
- if ( v->arch.hvm_vcpu.hvm_io.msix_snoop_address ==
+ if ( (v->pause_flags & VPF_blocked_in_xen) &&
+ v->arch.hvm_vcpu.hvm_io.msix_snoop_address ==
 (gtable + msi_desc->msi_attrib.entry_nr * PCI_MSIX_ENTRY_SIZE + PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET) )
--
2.30.2
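Review bot: The new `r->addr != addr` condition in msixtbl_range() carries no comment, so the reason for it lives only in the commit message. A line such as `/* ->check() may be called for an address other than the access base; only snoop the base. */` above the `if` would keep it from being dropped in a later cleanup. Separately, `ASSERT(r->type == IOREQ_TYPE_COPY)` on the following line is presumably compiled out of release builds, so if the request type matters to the snoop decision it may be worth adding `|| r->type != IOREQ_TYPE_COPY` to the same early return. The function body starts and continues outside this hunk, so this is based only on the lines shown.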
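Review bot: The added `(v->pause_flags & VPF_blocked_in_xen)` test in the `for_each_vcpu` loop of the second hunk reads another vCPU's flags as a point-in-time snapshot. Nothing visible in the hunk prevents that state from changing before the statement guarded by the condition runs. The commit message describes the check as being "on the safe side", so the code should say the same, for example `/* Defensive: ignore vCPUs not currently blocked in the hypervisor. */` above the `if`. The guarded statement and any lock held around the loop are outside the hunk, so whether the snapshot is stable under that lock needs confirming against the full function.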