The function trap_msix() is to check if pcistg instruction would access msix table entries. The correct boundary condition should be [table_offset, table_offset+entries*entry_size). But the current condition calculated misses the last entry. So let's fixup it.
Acked-by: Dong Jia Shi <bjsdj...@linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmo...@linux.vnet.ibm.com> Signed-off-by: Yi Min Zhao <zyi...@linux.vnet.ibm.com> --- hw/s390x/s390-pci-inst.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index b7beb8c36a..eba9ffb5f2 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -440,8 +440,8 @@ static int trap_msix(S390PCIBusDevice *pbdev, uint64_t offset, uint8_t pcias) { if (pbdev->msix.available && pbdev->msix.table_bar == pcias && offset >= pbdev->msix.table_offset && - offset <= pbdev->msix.table_offset + - (pbdev->msix.entries - 1) * PCI_MSIX_ENTRY_SIZE) { + offset < (pbdev->msix.table_offset + + pbdev->msix.entries * PCI_MSIX_ENTRY_SIZE)) { return 1; } else { return 0; -- 2.11.0 (Apple Git-81)