github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-24 10:17:28 +00:00
Code Issues Projects Releases Wiki Activity

add IO requrest 'req_buf' check before reference

Browse Source 
This address maybe invalid if a hostile address was set
in hypercall 'HC_SET_IOREQ_BUFFER'.it should be validated
before using.

Update:
  -- save HVA to guest OS's request buffer in hyperviosr
  -- change type of 'req_buf' from 'uint64_t' to 'void *'
  -- remove HPA to HVA translation code when using this addr.
  -- use error number instead of -1 when return error cases.

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang
2018-04-11 19:07:27 +08:00
committed by Jack Ren
parent 3a3aeac09f
commit 9b37e1464c
5 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hypervisor/arch/x86/io.c
View File

@@ -39,12 +39,13 @@ int dm_emulate_pio_post(struct vcpu *vcpu)
{
int cur = vcpu->vcpu_id;
int cur_context = vcpu->arch_vcpu.cur_context;
struct vhm_request_buffer *req_buf =
(void *)HPA2HVA(vcpu->vm->sw.req_buf);
struct vhm_request_buffer *req_buf = NULL;
uint32_t mask =
0xFFFFFFFFul >> (32 - 8 * vcpu->req.reqs.pio_request.size);
uint64_t *rax;
req_buf = (struct vhm_request_buffer *)(vcpu->vm->sw.req_buf);
rax = &vcpu->arch_vcpu.contexts[cur_context].guest_cpu_regs.regs.rax;
vcpu->req.reqs.pio_request.value =
req_buf->req_queue[cur].reqs.pio_request.value;