hv: vpci: restrict SOS access assigned PCI device

SOS should not access the physical PCI device which is assigned to other guest.

Tracked-On: #4371
Signed-off-by: Li Fei1 <fei1.li@intel.com>

hypervisor/dm/vpci/vmsix.c

@@ -194,10 +194,8 @@ int32_t vmsix_handle_table_mmio_access(struct io_request *io_req, void *handler_
 	void *hva;
 
 	vdev = (struct pci_vdev *)handler_private_data;
-	/* This device is assigned to post-launched VM from SOS */
-	if (vdev->new_owner != NULL) {
-		vdev = vdev->new_owner;
-	}
+	/* This device has not be assigned to other OS */
+	if (vdev->new_owner == NULL) {
 		offset = mmio->address - vdev->msix.mmio_gpa;
 
 		if (msixtable_access(vdev, (uint32_t)offset)) {
@@ -206,10 +204,8 @@ int32_t vmsix_handle_table_mmio_access(struct io_request *io_req, void *handler_
 			hva = hpa2hva(vdev->msix.mmio_hpa + offset);
 
 			/* Only DWORD and QWORD are permitted */
-		if ((mmio->size != 4U) && (mmio->size != 8U)) {
-			pr_err("%s, Only DWORD and QWORD are permitted", __func__);
-			ret = -EINVAL;
-		} else if (hva != NULL) {
+			if ((mmio->size == 4U) || (mmio->size == 8U)) {
+				if (hva != NULL) {
 					stac();
 					/* MSI-X PBA and Capability Table could be in the same range */
 					if (mmio->direction == REQUEST_READ) {
@@ -228,9 +224,14 @@ int32_t vmsix_handle_table_mmio_access(struct io_request *io_req, void *handler_
 						}
 					}
 					clac();
-		} else {
-			/* No other state currently, do nothing */
 				}
+			} else {
+				pr_err("%s, Only DWORD and QWORD are permitted", __func__);
+				ret = -EINVAL;
+			}
+		}
+	} else {
+		ret = -EFAULT;
 	}
 
 	return ret;

hypervisor/dm/vpci/vpci.c

@@ -341,7 +341,8 @@ static struct pci_vdev *find_vdev(struct acrn_vpci *vpci, union pci_bdf bdf)
 	struct pci_vdev *vdev = pci_find_vdev(vpci, bdf);
 
 	if ((vdev != NULL) && (vdev->vpci != vpci)) {
-		vdev = vdev->new_owner;
+		/* If the device is assigned to other guest, we could not access it */
+		vdev = NULL;
 	}
 
 	return vdev;