x86/hvm/ioreq: MMIO range checking completely ignores direction flag

author Paul Durrant <paul.durrant@citrix.com>

Fri, 14 Sep 2018 11:03:38 +0000 (13:03 +0200)

committer Jan Beulich <jbeulich@suse.com>

Fri, 14 Sep 2018 11:03:38 +0000 (13:03 +0200)
author Paul Durrant <paul.durrant@citrix.com>
Fri, 14 Sep 2018 11:03:38 +0000 (13:03 +0200)
committer Jan Beulich <jbeulich@suse.com>
Fri, 14 Sep 2018 11:03:38 +0000 (13:03 +0200)
diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c

index ebada7225b1f356fbd4857a78bbffb3474c3e096..f39f391929526ac3d6d8c1b60517cb11bd7da4e4 100644 (file)
--- a/xen/arch/x86/hvm/ioreq.c
+++ b/xen/arch/x86/hvm/ioreq.c
@@ -1353,20 +1353,25 @@ struct hvm_ioreq_server *hvm_select_ioreq_server(struct domain *d,
  
          switch ( type )
          {
-            unsigned long end;
+            unsigned long start, end;
  
          case XEN_DMOP_IO_RANGE_PORT:
-            end = addr + p->size - 1;
-            if ( rangeset_contains_range(r, addr, end) )
+            start = addr;
+            end = start + p->size - 1;
+            if ( rangeset_contains_range(r, start, end) )
                  return s;
  
              break;
+
          case XEN_DMOP_IO_RANGE_MEMORY:
-            end = addr + (p->size * p->count) - 1;
-            if ( rangeset_contains_range(r, addr, end) )
+            start = hvm_mmio_first_byte(p);
+            end = hvm_mmio_last_byte(p);
+
+            if ( rangeset_contains_range(r, start, end) )
                  return s;
  
              break;
+
          case XEN_DMOP_IO_RANGE_PCI:
              if ( rangeset_contains_singleton(r, addr >> 32) )
              {
author	Paul Durrant <paul.durrant@citrix.com>
	Fri, 14 Sep 2018 11:03:38 +0000 (13:03 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Fri, 14 Sep 2018 11:03:38 +0000 (13:03 +0200)