x86/PCI: make all config space writes subject to XSM checking

Now that we intercept them all, there's no reason not to also uniformly
hand them to XSM. Reads (which are expected to be of less interest) get
handled as before (MMCFG accesses un-audited).

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/pci.c
+++ b/xen/arch/x86/pci.c
@@ -7,6 +7,7 @@
 #include <xen/spinlock.h>
 #include <xen/pci.h>
 #include <asm/io.h>
+#include <xsm/xsm.h>
 
 static DEFINE_SPINLOCK(pci_config_lock);
 
@@ -73,7 +74,12 @@ int pci_conf_write_intercept(unsigned in
                              uint32_t *data)
 {
     struct pci_dev *pdev;
-    int rc = 0;
+    int rc = xsm_pci_config_permission(XSM_HOOK, current->domain, bdf,
+                                       reg, reg + size - 1, 1);
+
+    if ( rc < 0 )
+        return rc;
+    ASSERT(!rc);
 
     /*
      * Avoid expensive operations when no hook is going to do anything
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1823,11 +1823,9 @@ static bool_t pci_cfg_ok(struct domain *
             start |= CF8_ADDR_HI(currd->arch.pci_cf8);
     }
 
-    if ( xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf,
-                                   start, start + size - 1, !!write) != 0 )
-         return 0;
-
-    return !write ||
+    return !write ?
+           xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf,
+                                     start, start + size - 1, 0) == 0 :
            pci_conf_write_intercept(0, machine_bdf, start, size, write) >= 0;
 }