git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/4.4.17/xen-pciback-fix-conf_space-read-write-overlap-check.patch
1 From 02ef871ecac290919ea0c783d05da7eedeffc10e Mon Sep 17 00:00:00 2001
2 From: Andrey Grodzovsky <andrey2805@gmail.com>
3 Date: Tue, 21 Jun 2016 14:26:36 -0400
4 Subject: xen/pciback: Fix conf_space read/write overlap check.
5
6 From: Andrey Grodzovsky <andrey2805@gmail.com>
7
8 commit 02ef871ecac290919ea0c783d05da7eedeffc10e upstream.
9
10 Current overlap check is evaluating to false a case where a filter
11 field is fully contained (proper subset) of a r/w request. This
12 change applies classical overlap check instead to include all the
13 scenarios.
14
15 More specifically, for (Hilscher GmbH CIFX 50E-DP(M/S)) device driver
16 the logic is such that the entire confspace is read and written in 4
17 byte chunks. In this case as an example, CACHE_LINE_SIZE,
18 LATENCY_TIMER and PCI_BIST are arriving together in one call to
19 xen_pcibk_config_write() with offset == 0xc and size == 4. With the
20 existing overlap check the LATENCY_TIMER field (offset == 0xd, length
21 == 1) is fully contained in the write request and hence is excluded
22 from write, which is incorrect.
23
24 Signed-off-by: Andrey Grodzovsky <andrey2805@gmail.com>
25 Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
26 Reviewed-by: Jan Beulich <JBeulich@suse.com>
27 Signed-off-by: David Vrabel <david.vrabel@citrix.com>
28 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
29
30 ---
31 drivers/xen/xen-pciback/conf_space.c | 6 ++----
32 1 file changed, 2 insertions(+), 4 deletions(-)
33
34 --- a/drivers/xen/xen-pciback/conf_space.c
35 +++ b/drivers/xen/xen-pciback/conf_space.c
36 @@ -183,8 +183,7 @@ int xen_pcibk_config_read(struct pci_dev
37 field_start = OFFSET(cfg_entry);
38 field_end = OFFSET(cfg_entry) + field->size;
39
40 - if ((req_start >= field_start && req_start < field_end)
41 - || (req_end > field_start && req_end <= field_end)) {
42 + if (req_end > field_start && field_end > req_start) {
43 err = conf_space_read(dev, cfg_entry, field_start,
44 &tmp_val);
45 if (err)
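Review bot: the new condition in xen_pcibk_config_read(), `req_end > field_start && field_end > req_start`, is only the correct overlap test if both ends are exclusive, and nothing at the `if` says so. field_end is visibly exclusive here (OFFSET(cfg_entry) + field->size), but req_end is computed outside the hunk, so a reader has to go and check. A one-line comment above the `if` stating that [req_start, req_end) and [field_start, field_end) are half-open would make the invariant explicit. The identical expression is also open-coded in xen_pcibk_config_write(); a small static inline helper taking the four bounds would keep the two access-filter checks from drifting apart again.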
46 @@ -230,8 +229,7 @@ int xen_pcibk_config_write(struct pci_de
47 field_start = OFFSET(cfg_entry);
48 field_end = OFFSET(cfg_entry) + field->size;
49
50 - if ((req_start >= field_start && req_start < field_end)
51 - || (req_end > field_start && req_end <= field_end)) {
52 + if (req_end > field_start && field_end > req_start) {
53 tmp_val = 0;
54
55 err = xen_pcibk_config_read(dev, field_start,
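Review bot: the replaced test in xen_pcibk_config_write() changes behaviour for a zero-length field, which the commit message does not mention. With field->size == 0, field_end equals field_start, so the old two-clause test could never be true, while the new test `req_end > field_start && field_end > req_start` is true whenever field_start lies strictly inside the request, and the field then goes through the `tmp_val = 0` read-modify-write path below. If a zero-size field can never be registered, say so in the commit message or a comment; otherwise add an explicit guard. Since this check decides which filtered fields a guest write reaches, a test for the case from the commit message (offset 0xc, size 4, with a 1-byte field at 0xd) would be worth adding for both the read and the write path.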