[PATCH] hw/cxl: fixed the determination of illegal physical addresses

[peng guo <engguopeng@buaa.edu.cn>]

When physical address range in the input payload of scan media command
exceeds static_mem_size but does not exceed the sum of static and dynamic
memory, the scan media mailbox command unexpectedly returns an invalid input.

It is handled differently depending on whether dynamic memory is present
or not.If dynamic memory exists, check whether the address range of the 
request exceeds the range of static memory and dynamic memory.If dynamic 
memory does not exist, then check whether the address range of the request 
exceeds the static memory size.

Fixes: d61cc5b6a8d3 ("hw/cxl: Add get scan media capabilities cmd support")
Signed-off-by: peng guo <engguopeng@buaa.edu.cn>
---
 hw/cxl/cxl-mailbox-utils.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 3ebbd32e10..b23c6b9b0b 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -1943,11 +1943,12 @@ static CXLRetCode cmd_media_scan_media(const struct cxl_cmd *cmd,
     }
     query_length = ldq_le_p(&in->length) * CXL_CACHE_LINE_SIZE;
 
-    if (query_start + query_length > cxl_dstate->static_mem_size) {
-        return CXL_MBOX_INVALID_PA;
-    }
-    if (ct3d->dc.num_regions && query_start + query_length >=
+    if (ct3d->dc.num_regions) {
+        if (query_start + query_length >=
             cxl_dstate->static_mem_size + ct3d->dc.total_capacity) {
+                return CXL_MBOX_INVALID_PA;
+            }
+    } else if (query_start + query_length > cxl_dstate->static_mem_size) {
         return CXL_MBOX_INVALID_PA;
     }
 
-- 
2.43.0