On 05/24/2011 08:27 PM, Gleb Natapov wrote:
On Tue, May 24, 2011 at 02:11:20PM -0300, Marcelo Tosatti wrote:
>
> Commit fa4491a6b667304 moved the permission check for io instructions
> to the ->check_perm callback. It failed to copy the port value from RDX
> register for string and "in,out ax,dx" instructions. Fix it.
>
> Fixes FC8.32 installation.
Ouch.
> @@ -2955,6 +2964,15 @@ static int check_perm_out(struct x86_emulate_ctxt *ctxt) > { > struct decode_cache *c =&ctxt->decode; > > + switch (c->b) { > + case 0x6e: /* outsb */ > + case 0x6f: /* outsw/outsd */ > + case 0xee: /* out dx,al */ > + case 0xef: /* out dx,(e/r)ax */ > + c->dst.val = c->regs[VCPU_REGS_RDX]; > + break; > + } > + > c->src.bytes = min(c->src.bytes, 4u); > if (!emulator_io_permited(ctxt, c->dst.val, c->src.bytes)) > return emulate_gp(ctxt, 0); I'd rather do it at decoding stage by adding SrcDX/DstDX.
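Review bot: the switch in check_perm_out() only covers the DX-port encodings (0x6e, 0x6f, 0xee, 0xef), so the immediate-port forms of out still reach emulator_io_permited() with whatever c->dst.val happens to hold, and since ->check_perm runs before operands are fetched that value is not the port; either add the immediate-port opcodes to the switch or move the check to a point after operand decoding. A second, smaller point: assigning c->dst.val = c->regs[VCPU_REGS_RDX] inside a permission callback duplicates work the operand decoder will do anyway, which is what the SrcDX/DstDX decode-flag approach suggested above would avoid, so if this version is kept a short comment explaining why the port is read early here would help the next reader.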
Note we haven't decoded operands yet. And this doesn't fix in $imm8, %al.

Maybe we need an additional check site after operands are fetched.

-- 
I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.