[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen staging] x86/vPIC: avoid speculative out of bounds accesses
commit dcac6de1f5b34d52b5f37c73b85c3b627581d413 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Jul 4 16:07:01 2019 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Jul 4 16:07:01 2019 +0200 x86/vPIC: avoid speculative out of bounds accesses Array indexes used in the I/O port read/write emulation functions are derived from guest controlled values. Where this is not already done, restrict their ranges to limit the side effects of speculative execution. This is part of the speculative hardening effort. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- xen/arch/x86/hvm/vpic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 3f3fb7a4ff..4897a0e05b 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -335,7 +335,7 @@ static int vpic_intercept_pic_io( return X86EMUL_OKAY; } - vpic = ¤t->domain->arch.hvm.vpic[port >> 7]; + vpic = ¤t->domain->arch.hvm.vpic[!!(port & 0x80)]; if ( dir == IOREQ_WRITE ) vpic_ioport_write(vpic, port, (uint8_t)*val); @@ -448,7 +448,7 @@ void vpic_init(struct domain *d) void vpic_irq_positive_edge(struct domain *d, int irq) { - struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[irq >> 3]; + struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[!!(irq & 8)]; uint8_t mask = 1 << (irq & 7); ASSERT(has_vpic(d)); @@ -466,7 +466,7 @@ void vpic_irq_positive_edge(struct domain *d, int irq) void vpic_irq_negative_edge(struct domain *d, int irq) { - struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[irq >> 3]; + struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[!!(irq & 8)]; uint8_t mask = 1 << (irq & 7); ASSERT(has_vpic(d)); -- generated by git-patchbot for /home/xen/git/xen.git#staging _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |