Upstream-Status: Backport

Signed-off-by: Kai Kang <kai.kang@windriver.com>

From 0ad3393ad032f76e88b4dbd04d36ad84dff75dd6 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 2 Jun 2015 15:07:01 +0000
Subject: xen/pt: mark reserved bits in PCI config space fields
Bug-Debian: http://bugs.debian.org/787547

The adjustments are solely to make the subsequent patches work right
(and hence make the patch set consistent), namely if permissive mode
(introduced by the last patch) gets used (as both reserved registers
and reserved fields must be similarly protected from guest access in
default mode, but the guest should be allowed access to them in
permissive mode).

This is a preparatory patch for XSA-131.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
 hw/xen/xen_pt.h             |  2 ++
 hw/xen/xen_pt_config_init.c | 14 +++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

Index: qemu-2.2.0/hw/xen/xen_pt.h
===================================================================
--- qemu-2.2.0.orig/hw/xen/xen_pt.h
+++ qemu-2.2.0/hw/xen/xen_pt.h
@@ -101,6 +101,8 @@ struct XenPTRegInfo {
     uint32_t offset;
     uint32_t size;
     uint32_t init_val;
+    /* reg reserved field mask (ON:reserved, OFF:defined) */
+    uint32_t res_mask;
     /* reg read only field mask (ON:RO/ROS, OFF:other) */
     uint32_t ro_mask;
     /* reg emulate field mask (ON:emu, OFF:passthrough) */
Index: qemu-2.2.0/hw/xen/xen_pt_config_init.c
===================================================================
--- qemu-2.2.0.orig/hw/xen/xen_pt_config_init.c
+++ qemu-2.2.0/hw/xen/xen_pt_config_init.c
@@ -580,8 +580,8 @@ static XenPTRegInfo xen_pt_emu_reg_heade
         .offset     = PCI_VENDOR_ID,
         .size       = 2,
         .init_val   = 0x0000,
-        .ro_mask    = 0xFFFF,
-        .emu_mask   = 0xFFFF,
+        .res_mask   = 0xF880,
+        .emu_mask   = 0x0743,
         .init       = xen_pt_vendor_reg_init,
         .u.w.read   = xen_pt_word_reg_read,
         .u.w.write  = xen_pt_word_reg_write,
@@ -627,7 +627,8 @@ static XenPTRegInfo xen_pt_emu_reg_heade
         .offset     = PCI_STATUS,
         .size       = 2,
         .init_val   = 0x0000,
-        .ro_mask    = 0x06FF,
+        .res_mask   = 0x0007,
+        .ro_mask    = 0x06F8,
         .emu_mask   = 0x0010,
         .init       = xen_pt_status_reg_init,
         .u.w.read   = xen_pt_word_reg_read,
@@ -1004,7 +1005,8 @@ static XenPTRegInfo xen_pt_emu_reg_pm[]
         .offset     = PCI_PM_CTRL,
         .size       = 2,
         .init_val   = 0x0008,
-        .ro_mask    = 0xE1FC,
+        .res_mask   = 0x00F0,
+        .ro_mask    = 0xE10C,
         .emu_mask   = 0x810B,
         .init       = xen_pt_common_reg_init,
         .u.w.read   = xen_pt_word_reg_read,
@@ -1292,7 +1294,8 @@ static XenPTRegInfo xen_pt_emu_reg_msi[]
         .offset     = PCI_MSI_FLAGS,
         .size       = 2,
         .init_val   = 0x0000,
-        .ro_mask    = 0xFF8E,
+        .res_mask   = 0xFE00,
+        .ro_mask    = 0x018E,
         .emu_mask   = 0x017E,
         .init       = xen_pt_msgctrl_reg_init,
         .u.w.read   = xen_pt_word_reg_read,
@@ -1470,7 +1473,8 @@ static XenPTRegInfo xen_pt_emu_reg_msix[
         .offset     = PCI_MSI_FLAGS,
         .size       = 2,
         .init_val   = 0x0000,
-        .ro_mask    = 0x3FFF,
+        .res_mask   = 0x3800,
+        .ro_mask    = 0x07FF,
         .emu_mask   = 0x0000,
         .init       = xen_pt_msixctrl_reg_init,
         .u.w.read   = xen_pt_word_reg_read,