forked from Minki/linux
KVM: emulator: Fix permission checking in io permission bitmap
Currently if io port + len crosses 8bit boundary in io permission bitmap the check may allow IO that otherwise should not be allowed. The patch fixes that. Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
This commit is contained in:
parent
5601d05b8c
commit
399a40c92d
@ -1769,8 +1769,7 @@ static bool emulator_io_port_access_allowed(struct x86_emulate_ctxt *ctxt,
|
|||||||
struct desc_struct tr_seg;
|
struct desc_struct tr_seg;
|
||||||
u32 base3;
|
u32 base3;
|
||||||
int r;
|
int r;
|
||||||
u16 io_bitmap_ptr;
|
u16 io_bitmap_ptr, perm, bit_idx = port & 0x7;
|
||||||
u8 perm, bit_idx = port & 0x7;
|
|
||||||
unsigned mask = (1 << len) - 1;
|
unsigned mask = (1 << len) - 1;
|
||||||
unsigned long base;
|
unsigned long base;
|
||||||
|
|
||||||
@ -1788,7 +1787,7 @@ static bool emulator_io_port_access_allowed(struct x86_emulate_ctxt *ctxt,
|
|||||||
return false;
|
return false;
|
||||||
if (io_bitmap_ptr + port/8 > desc_limit_scaled(&tr_seg))
|
if (io_bitmap_ptr + port/8 > desc_limit_scaled(&tr_seg))
|
||||||
return false;
|
return false;
|
||||||
r = ops->read_std(base + io_bitmap_ptr + port/8, &perm, 1, ctxt->vcpu,
|
r = ops->read_std(base + io_bitmap_ptr + port/8, &perm, 2, ctxt->vcpu,
|
||||||
NULL);
|
NULL);
|
||||||
if (r != X86EMUL_CONTINUE)
|
if (r != X86EMUL_CONTINUE)
|
||||||
return false;
|
return false;
|
||||||
|
Loading…
Reference in New Issue
Block a user