From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrey Grodzovsky <andrey2805@gmail.com>
Subject: Re: [PATCH] xen/pciback: Fix conf_space read/write
 overlap check.
Date: Tue, 21 Jun 2016 14:20:02 -0400
Message-ID: <CAJphD_pS7SCu7jpjXKEkjpPVaNp6H16POMt38qqZQJLD+FAa=Q@mail.gmail.com>
References: <1466519876-7205-1-git-send-email-andrey2805@gmail.com>
 <57697614.5020003@citrix.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8814948994145399714=="
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <andrey2805@gmail.com>) id 1bFQJo-0000VY-MS
 for xen-devel@lists.xenproject.org; Tue, 21 Jun 2016 18:22:36 +0000
Received: by mail-it0-f67.google.com with SMTP id y93so2391384ita.0
 for <xen-devel@lists.xenproject.org>; Tue, 21 Jun 2016 11:20:04 -0700 (PDT)
In-Reply-To: <57697614.5020003@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: David Vrabel <david.vrabel@citrix.com>
Cc: =?UTF-8?B?SsO8cmdlbiBXYWx0ZXIg4oCiIFF1YXR0cnU=?= <jw@quattru.com>, xen-devel@lists.xenproject.org, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Jan Beulich <JBeulich@suse.com>, stable@vger.kernel.org
List-Id: xen-devel@lists.xenproject.org

--===============8814948994145399714==
Content-Type: multipart/alternative; boundary=001a114a9388a5fe050535cddede

--001a114a9388a5fe050535cddede
Content-Type: text/plain; charset=UTF-8

On Tue, Jun 21, 2016 at 1:15 PM, David Vrabel <david.vrabel@citrix.com>
wrote:

> On 21/06/16 15:37, Andrey Grodzovsky wrote:
> > Current overlap check is evaluating to false a case where a filter field
> > is fully contained (proper subset) of a r/w request.
> > This change applies classical overlap check instead to include
> > all the scenarios.
>
> Reviewed-by: David Vrabel <david.vrabel@citrix.com>
>
> But the commit message could do with a concrete example of an access
> that failed.
>
> David


Thanks, will update the commit message and resubmit.

Andrey

>



>
> > Related to
> https://www.mail-archive.com/xen-devel@lists.xen.org/msg72174.html
> >
> > Cc: Jan Beulich <JBeulich@suse.com>
> > Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Andrey Grodzovsky <andrey2805@gmail.com>
> > ---
> >  drivers/xen/xen-pciback/conf_space.c | 6 ++----
> >  1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/xen/xen-pciback/conf_space.c
> b/drivers/xen/xen-pciback/conf_space.c
> > index 8e67336..6a25533 100644
> > --- a/drivers/xen/xen-pciback/conf_space.c
> > +++ b/drivers/xen/xen-pciback/conf_space.c
> > @@ -183,8 +183,7 @@ int xen_pcibk_config_read(struct pci_dev *dev, int
> offset, int size,
> >               field_start = OFFSET(cfg_entry);
> >               field_end = OFFSET(cfg_entry) + field->size;
> >
> > -             if ((req_start >= field_start && req_start < field_end)
> > -                 || (req_end > field_start && req_end <= field_end)) {
> > +              if (req_end > field_start && field_end > req_start) {
> >                       err = conf_space_read(dev, cfg_entry, field_start,
> >                                             &tmp_val);
> >                       if (err)
> > @@ -230,8 +229,7 @@ int xen_pcibk_config_write(struct pci_dev *dev, int
> offset, int size, u32 value)
> >               field_start = OFFSET(cfg_entry);
> >               field_end = OFFSET(cfg_entry) + field->size;
> >
> > -             if ((req_start >= field_start && req_start < field_end)
> > -                 || (req_end > field_start && req_end <= field_end)) {
> > +              if (req_end > field_start && field_end > req_start) {
> >                       tmp_val = 0;
> >
> >                       err = xen_pcibk_config_read(dev, field_start,
> >
>
>

--001a114a9388a5fe050535cddede
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Tue, Jun 21, 2016 at 1:15 PM, David Vrabel <span dir=3D"ltr">&lt;<a =
href=3D"mailto:david.vrabel@citrix.com" target=3D"_blank">david.vrabel@citr=
ix.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"=
margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=
=3D"">On 21/06/16 15:37, Andrey Grodzovsky wrote:<br>
&gt; Current overlap check is evaluating to false a case where a filter fie=
ld<br>
&gt; is fully contained (proper subset) of a r/w request.<br>
&gt; This change applies classical overlap check instead to include<br>
&gt; all the scenarios.<br>
<br>
</span>Reviewed-by: David Vrabel &lt;<a href=3D"mailto:david.vrabel@citrix.=
com">david.vrabel@citrix.com</a>&gt;<br>
<br>
But the commit message could do with a concrete example of an access<br>
that failed.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
David</font></span></blockquote><div><br></div><div>Thanks, will update the=
 commit message and resubmit.</div><div><br></div><div>Andrey=C2=A0<br></di=
v><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:=
1px #ccc solid;padding-left:1ex">=C2=A0</blockquote><blockquote class=3D"gm=
ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex">=C2=A0</blockquote><blockquote class=3D"gmail_quote" style=3D"margi=
n:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=3D"HOE=
nZb"><div class=3D"h5">
&gt;<br>
&gt; Related to <a href=3D"https://www.mail-archive.com/xen-devel@lists.xen=
.org/msg72174.html" rel=3D"noreferrer" target=3D"_blank">https://www.mail-a=
rchive.com/xen-devel@lists.xen.org/msg72174.html</a><br>
&gt;<br>
&gt; Cc: Jan Beulich &lt;<a href=3D"mailto:JBeulich@suse.com">JBeulich@suse=
.com</a>&gt;<br>
&gt; Cc: Boris Ostrovsky &lt;<a href=3D"mailto:boris.ostrovsky@oracle.com">=
boris.ostrovsky@oracle.com</a>&gt;<br>
&gt; Cc: <a href=3D"mailto:stable@vger.kernel.org">stable@vger.kernel.org</=
a><br>
&gt; Signed-off-by: Andrey Grodzovsky &lt;<a href=3D"mailto:andrey2805@gmai=
l.com">andrey2805@gmail.com</a>&gt;<br>
&gt; ---<br>
&gt;=C2=A0 drivers/xen/xen-pciback/conf_space.c | 6 ++----<br>
&gt;=C2=A0 1 file changed, 2 insertions(+), 4 deletions(-)<br>
&gt;<br>
&gt; diff --git a/drivers/xen/xen-pciback/conf_space.c b/drivers/xen/xen-pc=
iback/conf_space.c<br>
&gt; index 8e67336..6a25533 100644<br>
&gt; --- a/drivers/xen/xen-pciback/conf_space.c<br>
&gt; +++ b/drivers/xen/xen-pciback/conf_space.c<br>
&gt; @@ -183,8 +183,7 @@ int xen_pcibk_config_read(struct pci_dev *dev, int=
 offset, int size,<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0field_start =3D =
OFFSET(cfg_entry);<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0field_end =3D OF=
FSET(cfg_entry) + field-&gt;size;<br>
&gt;<br>
&gt; -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if ((req_start &gt;=
=3D field_start &amp;&amp; req_start &lt; field_end)<br>
&gt; -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|| (req=
_end &gt; field_start &amp;&amp; req_end &lt;=3D field_end)) {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (req_end &gt; fie=
ld_start &amp;&amp; field_end &gt; req_start) {<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0err =3D conf_space_read(dev, cfg_entry, field_start,<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0&amp;tmp_val);<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0if (err)<br>
&gt; @@ -230,8 +229,7 @@ int xen_pcibk_config_write(struct pci_dev *dev, in=
t offset, int size, u32 value)<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0field_start =3D =
OFFSET(cfg_entry);<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0field_end =3D OF=
FSET(cfg_entry) + field-&gt;size;<br>
&gt;<br>
&gt; -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if ((req_start &gt;=
=3D field_start &amp;&amp; req_start &lt; field_end)<br>
&gt; -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|| (req=
_end &gt; field_start &amp;&amp; req_end &lt;=3D field_end)) {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (req_end &gt; fie=
ld_start &amp;&amp; field_end &gt; req_start) {<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0tmp_val =3D 0;<br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0err =3D xen_pcibk_config_read(dev, field_start,<br>
&gt;<br>
<br>
</div></div></blockquote></div><br></div></div>

--001a114a9388a5fe050535cddede--


--===============8814948994145399714==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs
IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9y
Zy94ZW4tZGV2ZWwK

--===============8814948994145399714==--