KVM: emulator: Fix permission checking in io permission bitmap

Currently if io port + len crosses 8bit boundary in io permission bitmap the check may allow IO that otherwise should not be allowed. The patch fixes that. Signed-off-by: N Gleb Natapov <gleb@redhat.com> Signed-off-by: N Avi Kivity <avi@redhat.com>

KVM: emulator: Fix permission checking in io permission bitmap
Currently if io port + len crosses 8bit boundary in io permission bitmap the check may allow IO that otherwise should not be allowed. The patch fixes that. Signed-off-by: N Gleb Natapov <gleb@redhat.com> Signed-off-by: N Avi Kivity <avi@redhat.com>
399a40c9 · Gleb Natapov · Marcelo Tosatti · 5601d05b · 399a40c9
隐藏空白更改
内联并排

Showing with 2 addition and 3 deletion

arch/x86/kvm/emulate.c arch/x86/kvm/emulate.c +2 -3

未找到文件。
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1769,8 +1769,7 @@ static bool emulator_io_port_access_allowed(struct x86_emulate_ctxt *ctxt,
 	struct desc_struct tr_seg;
 	u32 base3;
 	int r;
-	u16 io_bitmap_ptr;
-	u8 perm, bit_idx = port & 0x7;
+	u16 io_bitmap_ptr, perm, bit_idx = port & 0x7;
 	unsigned mask = (1 << len) - 1;
 	unsigned long base;

@@ -1788,7 +1787,7 @@ static bool emulator_io_port_access_allowed(struct x86_emulate_ctxt *ctxt,
 		return false;
 	if (io_bitmap_ptr + port/8 > desc_limit_scaled(&tr_seg))
 		return false;
-	r = ops->read_std(base + io_bitmap_ptr + port/8, &perm, 1, ctxt->vcpu,
+	r = ops->read_std(base + io_bitmap_ptr + port/8, &perm, 2, ctxt->vcpu,
 			  NULL);
 	if (r != X86EMUL_CONTINUE)
 		return false;