From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from smtp.citrix.com ([66.165.176.89]:48242 "EHLO SMTP.CITRIX.COM"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751922AbcFURPO (ORCPT <rfc822;stable@vger.kernel.org>);
	Tue, 21 Jun 2016 13:15:14 -0400
Subject: Re: [Xen-devel] [PATCH] xen/pciback: Fix conf_space read/write
 overlap check.
To: Andrey Grodzovsky <andrey2805@gmail.com>,
	<xen-devel@lists.xenproject.org>
References: <1466519876-7205-1-git-send-email-andrey2805@gmail.com>
CC: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	<stable@vger.kernel.org>, Jan Beulich <JBeulich@suse.com>,
	<jw@quattru.com>
From: David Vrabel <david.vrabel@citrix.com>
Message-ID: <57697614.5020003@citrix.com>
Date: Tue, 21 Jun 2016 18:15:00 +0100
MIME-Version: 1.0
In-Reply-To: <1466519876-7205-1-git-send-email-andrey2805@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On 21/06/16 15:37, Andrey Grodzovsky wrote:
> Current overlap check is evaluating to false a case where a filter field
> is fully contained (proper subset) of a r/w request.
> This change applies classical overlap check instead to include
> all the scenarios.

Reviewed-by: David Vrabel <david.vrabel@citrix.com>

But the commit message could do with a concrete example of an access
that failed.

David

> 
> Related to https://www.mail-archive.com/xen-devel@lists.xen.org/msg72174.html
> 
> Cc: Jan Beulich <JBeulich@suse.com>
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: stable@vger.kernel.org
> Signed-off-by: Andrey Grodzovsky <andrey2805@gmail.com>
> ---
>  drivers/xen/xen-pciback/conf_space.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/xen/xen-pciback/conf_space.c b/drivers/xen/xen-pciback/conf_space.c
> index 8e67336..6a25533 100644
> --- a/drivers/xen/xen-pciback/conf_space.c
> +++ b/drivers/xen/xen-pciback/conf_space.c
> @@ -183,8 +183,7 @@ int xen_pcibk_config_read(struct pci_dev *dev, int offset, int size,
>  		field_start = OFFSET(cfg_entry);
>  		field_end = OFFSET(cfg_entry) + field->size;
>  
> -		if ((req_start >= field_start && req_start < field_end)
> -		    || (req_end > field_start && req_end <= field_end)) {
> +		 if (req_end > field_start && field_end > req_start) {
>  			err = conf_space_read(dev, cfg_entry, field_start,
>  					      &tmp_val);
>  			if (err)
> @@ -230,8 +229,7 @@ int xen_pcibk_config_write(struct pci_dev *dev, int offset, int size, u32 value)
>  		field_start = OFFSET(cfg_entry);
>  		field_end = OFFSET(cfg_entry) + field->size;
>  
> -		if ((req_start >= field_start && req_start < field_end)
> -		    || (req_end > field_start && req_end <= field_end)) {
> +		 if (req_end > field_start && field_end > req_start) {
>  			tmp_val = 0;
>  
>  			err = xen_pcibk_config_read(dev, field_start,
>