[PATCH v2 1/5] x86/HVM: correct MMIO emulation cache bounds check

Jan Beulich posted 5 patches 8 months, 2 weeks ago
There is a newer version of this series
[PATCH v2 1/5] x86/HVM: correct MMIO emulation cache bounds check
Posted by Jan Beulich 8 months, 2 weeks ago
To avoid overrunning the internal buffer we need to take the offset into
the buffer into account.

Fixes: d95da91fb497 ("x86/HVM: grow MMIO cache data size to 64 bytes")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
v2: New.

--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -935,7 +935,7 @@ static int hvmemul_phys_mmio_access(
     }
 
     /* Accesses must not overflow the cache's buffer. */
-    if ( size > sizeof(cache->buffer) )
+    if ( offset + size > sizeof(cache->buffer) )
     {
         ASSERT_UNREACHABLE();
         return X86EMUL_UNHANDLEABLE;
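Review bot: the corrected condition `offset + size > sizeof(cache->buffer)` is only as strong as the guarantee that the sum does not wrap; the declarations of `offset` and `size` are not in this hunk, and if both are unsigned a sufficiently large `offset` would wrap the sum below `sizeof(cache->buffer)` and pass straight through the check that ASSERT_UNREACHABLE() is meant to guard. A wrap-free form such as `offset > sizeof(cache->buffer) || size > sizeof(cache->buffer) - offset` costs nothing here, or alternatively the existing comment "Accesses must not overflow the cache's buffer." could be extended to state the invariant on `offset` (bounded by the buffer size) that callers are relied upon to uphold.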
Re: [PATCH v2 1/5] x86/HVM: correct MMIO emulation cache bounds check
Posted by Roger Pau Monné 4 months, 3 weeks ago
On Tue, Oct 01, 2024 at 10:48:20AM +0200, Jan Beulich wrote:
> To avoid overrunning the internal buffer we need to take the offset into
> the buffer into account.
> 
> Fixes: d95da91fb497 ("x86/HVM: grow MMIO cache data size to 64 bytes")
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks, Roger.
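To make the difference between the pre-patch and post-patch checks concrete, here is an added example in C; it is not Xen code and does not reproduce the real `struct hvm_mmio_cache`. It models a 64-byte cache buffer (the size named in the title of the commit referenced by the Fixes: tag) followed by a canary region, so that an access accepted by the old size-only check visibly runs past the buffer while the offset-aware check refuses it. The function names, the `unsigned` types of `offset` and `size`, and the canary layout are all assumptions made for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the cache data buffer is 64 bytes, as the title of the
 * commit named in the Fixes: tag says. The real struct layout is not
 * reproduced here. */
#define CACHE_BUF_SIZE 64u
#define CANARY_SIZE    64u
#define CANARY_BYTE    0xA5

/* Hypothetical stand-in for the cache: the first CACHE_BUF_SIZE bytes of
 * storage[] play the role of cache->buffer, the rest is a canary region
 * so an overrun stays inside this object and can be detected safely. */
struct cache_model {
    uint8_t storage[CACHE_BUF_SIZE + CANARY_SIZE];
};

static void cache_init(struct cache_model *c)
{
    memset(c->storage, 0, CACHE_BUF_SIZE);
    memset(c->storage + CACHE_BUF_SIZE, CANARY_BYTE, CANARY_SIZE);
}

static bool canary_intact(const struct cache_model *c)
{
    for (unsigned i = 0; i < CANARY_SIZE; i++)
        if (c->storage[CACHE_BUF_SIZE + i] != CANARY_BYTE)
            return false;
    return true;
}

/* Pre-patch check: only the access size is bounded, the offset is ignored. */
static bool check_pre_patch(unsigned offset, unsigned size)
{
    (void)offset;
    return size <= CACHE_BUF_SIZE;
}

/* Check in the form the patch uses: offset plus size must fit. */
static bool check_patched(unsigned offset, unsigned size)
{
    return offset + size <= CACHE_BUF_SIZE;
}

/* Equivalent check that cannot be defeated by unsigned wrap-around of
 * offset + size. */
static bool check_wrap_safe(unsigned offset, unsigned size)
{
    return offset <= CACHE_BUF_SIZE && size <= CACHE_BUF_SIZE - offset;
}

/* Write 'size' bytes from src at 'offset' into the modelled buffer if the
 * supplied check accepts the access. Returns 0 on success, -1 if refused.
 * The second test only keeps the model itself memory-safe. */
static int cache_write(struct cache_model *c, unsigned offset, unsigned size,
                       const uint8_t *src, bool (*check)(unsigned, unsigned))
{
    if (!check(offset, size))
        return -1;
    if (offset > sizeof(c->storage) || size > sizeof(c->storage) - offset)
        return -1;
    memcpy(c->storage + offset, src, size);
    return 0;
}

/* Constructed scenario: a 48-byte chunk placed at offset 32 of the 64-byte
 * buffer, i.e. ending 16 bytes past it. Returns true if the overrun happened. */
static bool overrun_with(bool (*check)(unsigned, unsigned))
{
    struct cache_model c;
    uint8_t src[48];

    cache_init(&c);
    memset(src, 0x11, sizeof(src));
    if (cache_write(&c, 32, sizeof(src), src, check) != 0)
        return false;          /* refused, nothing written */
    return !canary_intact(&c);
}

int main(void)
{
    printf("pre-patch check overruns: %s\n", overrun_with(check_pre_patch) ? "yes" : "no");
    printf("patched check overruns:   %s\n", overrun_with(check_patched) ? "yes" : "no");
    printf("patched accepts offset=UINT_MAX size=1:   %s\n", check_patched(UINT_MAX, 1) ? "yes" : "no");
    printf("wrap-safe accepts offset=UINT_MAX size=1: %s\n", check_wrap_safe(UINT_MAX, 1) ? "yes" : "no");
    return 0;
}
```

The size-only check passes the 48-byte access because 48 fits in 64 in isolation, and the canary after the buffer is clobbered; the offset-aware check refuses the same access. The last two lines of output show the one case where the sum form and the subtraction form differ: with `unsigned` operands, an absurd offset wraps the sum to a small value, which is why a reviewer might prefer the wrap-safe spelling when the caller-side bound on `offset` is not obvious from the surrounding code.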