Those aren't actual I/O requests (and hence are of no interest here
anyway). Since they don't get copied into struct vcpu, looking at that
copy reads whatever was left there. Use the state of the request to
determine its validity.
Signed-off-by: Jan Beulich <jbeul...@suse.com>
--- a/xen/arch/x86/hvm/vmsi.c
+++ b/xen/arch/x86/hvm/vmsi.c
@@ -349,6 +349,8 @@ static int msixtbl_range(struct vcpu *v,
{
const ioreq_t *r = &v->arch.hvm_vcpu.hvm_io.io_req;
+ if ( r->state != STATE_IOREQ_READY )
+ return 0;
ASSERT(r->type == IOREQ_TYPE_COPY);
if ( r->dir == IOREQ_WRITE && r->size == 4 && !r->data_is_ptr
&& !(r->data & PCI_MSIX_VECTOR_BITMASK) )
x86/vMSI-X: write snoops should ignore hvm_mmio_internal() requests
Those aren't actual I/O requests (and hence are of no interest here
anyway). Since they don't get copied into struct vcpu, looking at that
copy reads whatever was left there. Use the state of the request to
determine its validity.
Signed-off-by: Jan Beulich <jbeul...@suse.com>
--- a/xen/arch/x86/hvm/vmsi.c
+++ b/xen/arch/x86/hvm/vmsi.c
@@ -349,6 +349,8 @@ static int msixtbl_range(struct vcpu *v,
{
const ioreq_t *r = &v->arch.hvm_vcpu.hvm_io.io_req;
+ if ( r->state != STATE_IOREQ_READY )
+ return 0;
ASSERT(r->type == IOREQ_TYPE_COPY);
if ( r->dir == IOREQ_WRITE && r->size == 4 && !r->data_is_ptr
&& !(r->data & PCI_MSIX_VECTOR_BITMASK) )
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
