From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: KVM: x86: use proper port value when checking io instruction permission
Date: Tue, 24 May 2011 22:07:48 +0300
Message-ID: <4DDC0204.9050002@redhat.com>
References: <20110524171120.GA19906@amt.cnet> <20110524172706.GC22042@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Marcelo Tosatti, kvm, Joerg Roedel
To: Gleb Natapov
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:11074 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933004Ab1EXTHy (ORCPT ); Tue, 24 May 2011 15:07:54 -0400
In-Reply-To: <20110524172706.GC22042@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 05/24/2011 08:27 PM, Gleb Natapov wrote:
> On Tue, May 24, 2011 at 02:11:20PM -0300, Marcelo Tosatti wrote:
> >
> > Commit fa4491a6b667304 moved the permission check for io instructions
> > to the ->check_perm callback. It failed to copy the port value from RDX
> > register for string and "in,out ax,dx" instructions. Fix it.
> >
> > Fixes FC8.32 installation.

Ouch.

> > @@ -2955,6 +2964,15 @@ static int check_perm_out(struct x86_emulate_ctxt *ctxt)
> > {
> > struct decode_cache *c =&ctxt->decode;
> >
> > + switch (c->b) {
> > + case 0x6e: /* outsb */
> > + case 0x6f: /* outsw/outsd */
> > + case 0xee: /* out dx,al */
> > + case 0xef: /* out dx,(e/r)ax */
> > + c->dst.val = c->regs[VCPU_REGS_RDX];
> > + break;
> > + }
> > +
> > c->src.bytes = min(c->src.bytes, 4u);
> > if (!emulator_io_permited(ctxt, c->dst.val, c->src.bytes))
> > return emulate_gp(ctxt, 0);
> I'd rather do it at decoding stage by adding SrcDX/DstDX.
>

Note we haven't decoded operands yet. And this doesn't fix in $imm8, %al. Maybe we need an additional check site after operands are fetched.

-- 
I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.
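Review bot: the switch in check_perm_out only fills c->dst.val for the four DX-addressed encodings (0x6e, 0x6f, 0xee, 0xef), so the immediate-port form of out (the counterpart of the `in $imm8, %al` case raised in the reply) still reaches emulator_io_permited with c->dst.val unset; since ->check_perm runs before operands are decoded, either fetch the imm8 into c->dst.val in the same switch or, as the reply suggests, move the check to a site after operand fetch. A one-line comment above `switch (c->b) {` saying why the port is being resolved here rather than in the decoder would also help whoever later adds SrcDX/DstDX.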