github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2026-01-13 11:33:58 +00:00
Code Issues Projects Releases Wiki Activity

add IO requrest 'req_buf' check before reference

Browse Source 
This address maybe invalid if a hostile address was set
in hypercall 'HC_SET_IOREQ_BUFFER'.it should be validated
before using.

Update:
  -- save HVA to guest OS's request buffer in hyperviosr
  -- change type of 'req_buf' from 'uint64_t' to 'void *'
  -- remove HPA to HVA translation code when using this addr.
  -- use error number instead of -1 when return error cases.

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang
2018-04-11 19:07:27 +08:00
committed by Jack Ren
parent 3a3aeac09f
commit 9b37e1464c
5 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hypervisor/arch/x86/ept.c
View File

@@ -344,8 +344,9 @@ int dm_emulate_mmio_post(struct vcpu *vcpu)
{
int ret = 0;
int cur = vcpu->vcpu_id;
struct vhm_request_buffer *req_buf =
(void *)HPA2HVA(vcpu->vm->sw.req_buf);
struct vhm_request_buffer *req_buf;
req_buf = (struct vhm_request_buffer *)(vcpu->vm->sw.req_buf);
vcpu->req.reqs.mmio_request.value =
req_buf->req_queue[cur].reqs.mmio_request.value;