Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 399a40c9 authored by Gleb Natapov's avatar Gleb Natapov Committed by Marcelo Tosatti
Browse files

KVM: emulator: Fix permission checking in io permission bitmap 



Currently if io port + len crosses 8bit boundary in io permission bitmap the
check may allow IO that otherwise should not be allowed. The patch fixes that.

Signed-off-by: default avatarGleb Natapov <gleb@redhat.com>
Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
parent 5601d05b

arch/x86/kvm/emulate.c

+2 −3
Original line number Diff line number Diff line
@@ -1769,8 +1769,7 @@ static bool emulator_io_port_access_allowed(struct x86_emulate_ctxt *ctxt, 
	struct desc_struct tr_seg;

	u32 base3;

	int r;

	u16 io_bitmap_ptr;

	u8 perm, bit_idx = port & 0x7;

	u16 io_bitmap_ptr, perm, bit_idx = port & 0x7;

	unsigned mask = (1 << len) - 1;

	unsigned long base;
@@ -1788,7 +1787,7 @@ static bool emulator_io_port_access_allowed(struct x86_emulate_ctxt *ctxt, 
		return false;

	if (io_bitmap_ptr + port/8 > desc_limit_scaled(&tr_seg))

		return false;

	r = ops->read_std(base + io_bitmap_ptr + port/8, &perm, 1, ctxt->vcpu,

	r = ops->read_std(base + io_bitmap_ptr + port/8, &perm, 2, ctxt->vcpu,

			  NULL);

	if (r != X86EMUL_CONTINUE)

		return false;