x86/VMX: sanitize VM86 TSS handling
author Jan Beulich <jbeulich@suse.com>
Wed, 22 Feb 2017 11:36:36 +0000 (12:36 +0100)
committer Jan Beulich <jbeulich@suse.com>
Wed, 22 Feb 2017 11:36:36 +0000 (12:36 +0100)
commit 3619af2b2b45d660999324a827fa67312a725d78
tree 6da960282730ceda9d7f7cad7479bef99acca036
parent 435ae6afed876e47a8a6b12364ff1ec7a180b24f
x86/VMX: sanitize VM86 TSS handling

The present way of setting this up is flawed: Leaving the I/O bitmap
pointer at zero means that the interrupt redirection bitmap lives
outside (ahead of) the allocated space of the TSS. Similarly setting a
TSS limit of 255 when only 128 bytes get allocated means that 128 extra
bytes may be accessed by the CPU during I/O port access processing.

Introduce a new HVM param to set the allocated size of the TSS, and
have the hypervisor actually take care of setting namely the I/O bitmap
pointer. Both this and the segment limit now take the allocated size
into account.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
tools/firmware/hvmloader/hvmloader.c
tools/libxc/xc_sr_save_x86_hvm.c
xen/arch/x86/hvm/hvm.c
xen/arch/x86/hvm/vmx/vmx.c
xen/include/asm-x86/hvm/support.h
xen/include/public/hvm/params.h
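
The two layout problems named in the commit message can be checked with plain arithmetic. The following is an added example, not code from this commit or from Xen: the struct, the function names and the `derive_layout` placement policy are assumptions made for illustration, and only the 128/255/0 values come from the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TSS32_SIZE 104u /* architectural size of the base 32-bit TSS */
#define REDIR_SIZE  32u /* VME interrupt redirection bitmap: 256 bits */

struct vm86_tss_layout {  /* hypothetical type for this example */
    uint32_t alloc;       /* bytes actually reserved for the TSS */
    uint32_t limit;       /* segment limit: last offset the CPU may touch */
    uint16_t iomap;       /* I/O map base field of the TSS */
};

/* Bytes beyond the allocation that the segment limit still permits. */
uint32_t bytes_past_alloc(const struct vm86_tss_layout *l)
{
    return l->limit >= l->alloc ? l->limit - l->alloc + 1 : 0;
}

/* The redirection bitmap occupies the 32 bytes just below the I/O bitmap;
 * return how many of them fall ahead of the TSS base. */
uint32_t redir_bytes_before_base(const struct vm86_tss_layout *l)
{
    return l->iomap < REDIR_SIZE ? REDIR_SIZE - l->iomap : 0;
}

/* Ports whose bitmap byte and the byte after it both lie within the limit
 * (the CPU reads two bytes per I/O permission check). */
uint32_t ports_covered(const struct vm86_tss_layout *l)
{
    uint32_t span = l->limit > l->iomap ? l->limit - l->iomap : 0;
    return span >= 8192 ? 65536 : span * 8;
}

/* Example policy (an assumption, not the patch's logic): place both bitmaps
 * after the base structure and derive the limit from the allocation. */
bool derive_layout(uint32_t alloc, struct vm86_tss_layout *out)
{
    if (alloc <= TSS32_SIZE + REDIR_SIZE + 1) return false;
    *out = (struct vm86_tss_layout){ alloc, alloc - 1, TSS32_SIZE + REDIR_SIZE };
    return true;
}

int main(void)
{
    struct vm86_tss_layout old = { 128, 255, 0 }; /* values from the commit message */
    printf("old: %u bytes past alloc, %u redirection bytes before base\n",
           (unsigned)bytes_past_alloc(&old), (unsigned)redir_bytes_before_base(&old));
    return 0;
}
```

This simple policy rejects a 128-byte area outright; it does not model how the hypervisor treats areas that small.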