|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] x86/HVM: properly reject "indirect" VRAM writes
commit eb7cd0593d88c4b967a24bca8bd30591966676cd
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Sep 12 09:13:04 2024 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Sep 12 09:13:04 2024 +0200
x86/HVM: properly reject "indirect" VRAM writes
While ->count will only be different from 1 for "indirect" (data in
guest memory) accesses, it being 1 does not exclude the request being an
"indirect" one. Check both to be on the safe side, and bring the ->count
part also in line with what ioreq_send_buffered() actually refuses to
handle.
Fixes: 3bbaaec09b1b ("x86/hvm: unify stdvga mmio intercept with standard
mmio intercept")
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
xen/arch/x86/hvm/stdvga.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm/stdvga.c b/xen/arch/x86/hvm/stdvga.c
index afd2ca95d6..2520d0dd01 100644
--- a/xen/arch/x86/hvm/stdvga.c
+++ b/xen/arch/x86/hvm/stdvga.c
@@ -498,13 +498,13 @@ static bool cf_check stdvga_mem_accept(
spin_lock(&s->lock);
- if ( p->dir == IOREQ_WRITE && p->count > 1 )
+ if ( p->dir == IOREQ_WRITE && (p->data_is_ptr || p->count != 1) )
{
/*
* We cannot return X86EMUL_UNHANDLEABLE on anything other then the
* first cycle of an I/O. So, since we cannot guarantee to always be
* able to send buffered writes, we have to reject any multi-cycle
- * I/O.
+ * or "indirect" I/O.
*/
goto reject;
}
--
generated by git-patchbot for /home/xen/git/xen.git#staging
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |