[HVM] Another unchecked caller of hvm_copy_to_guest_virt()

Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>

diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c
index 43d1343d5f6cd7467a9172b0809158ea9d4dbfde..30a80a4f276e66a2cbb1ff00469b470feb41df21 100644 (file)
--- a/xen/arch/x86/hvm/io.c
+++ b/xen/arch/x86/hvm/io.c
@@ -715,7 +715,18 @@ static void hvm_mmio_assist(struct cpu_user_regs *regs, ioreq_t *p,
 
     case INSTR_PUSH:
         mmio_opp->addr += hvm_get_segment_base(current, x86_seg_ss);
-        hvm_copy_to_guest_virt(mmio_opp->addr, &p->data, size);
+        { 
+            unsigned long addr = mmio_opp->addr;
+            int rv = hvm_copy_to_guest_virt(addr, &p->data, size);
+            if ( rv != 0 ) 
+            {
+                addr += p->size - rv;
+                gdprintk(XENLOG_DEBUG, "Pagefault emulating PUSH from MMIO: "
+                         "va=%#lx\n", addr);
+                hvm_inject_exception(TRAP_page_fault, PFEC_write_access, addr);
+                return;
+            }
+        }
         break;
     }
 }