From: Jan Beulich <jbeulich@suse.com>
Date: Fri, 29 Jun 2012 16:06:25 +0000 (+0100)
Subject: passthrough: fix off-by-one in PCI config space register index check
X-Git-Tag: xen-4.2.0-rc1~1
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=fa2e8e3bc869c04d4a4d9b8f70c1cab7e53778d6;p=qemu-xen-4.2-testing.git

passthrough: fix off-by-one in PCI config space register index check

Register 255 (0xff) is still valid to be accessed.

Reported-by: Rolu <rolu@roce.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
---

diff --git a/hw/pass-through.c b/hw/pass-through.c
index 8581253bc..6e396e37f 100644
--- a/hw/pass-through.c
+++ b/hw/pass-through.c
@@ -1538,7 +1538,7 @@ static void pt_pci_write_config(PCIDevice *d, uint32_t address, uint32_t val,
 #endif
 
     /* check offset range */
-    if (address >= 0xFF)
+    if (address > 0xFF)
     {
         PT_LOG_DEV(d, "Error: Failed to write register with offset exceeding FFh. "
             "[Offset:%02xh][Length:%d]\n", address, len);
@@ -1714,7 +1714,7 @@ static uint32_t pt_pci_read_config(PCIDevice *d, uint32_t address, int len)
     int ret = 0;
 
     /* check offset range */
-    if (address >= 0xFF)
+    if (address > 0xFF)
     {
         PT_LOG_DEV(d, "Error: Failed to read register with offset exceeding FFh. "
             "[Offset:%02xh][Length:%d]\n", address, len);