mirrors/Bochs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- fix flaw in IO bitmap permission handling (anonymous patch)

Browse Source 
From the author (see bug #663320) :
  In the code there is a check to verify that an IO bitmap
  is defined (io_base > BX_CPU_THIS_PTR
  tr.cache.u.tss386.limit_scaled) but there is no check if
  an accessed IO port's address actually falls within the
  defined limit of the TSS segment. So if I define an IO
  bitmap with 100 entries, port 101 may or may not be
  allowed depending on whatever bytes follow the TSS in
  memory
This commit is contained in:
Christophe Bothamy 2003-08-24 23:14:52 +00:00
parent 6c66a9a9a9
commit 6977467ed7
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bochs/cpu/io_pro.cc
View File

@ -1,5 +1,5 @@
/////////////////////////////////////////////////////////////////////////
// $Id: io_pro.cc,v 1.12 2003-03-02 23:59:09 cbothamy Exp $
// $Id: io_pro.cc,v 1.13 2003-08-24 23:14:52 cbothamy Exp $
/////////////////////////////////////////////////////////////////////////
//
// Copyright (C) 2001 MandrakeSoft S.A.
@ -171,10 +171,11 @@ BX_INFO(("len is %u", len));
BX_PANIC(("allow_io(): TR:io_base <= 103"));
}
if (io_base > BX_CPU_THIS_PTR tr.cache.u.tss386.limit_scaled) {
BX_INFO(("allow_io(): CPL > IOPL: no IO bitmap defined #GP(0)"));
if ( (Bit16s) (addr/8) > (BX_CPU_THIS_PTR tr.cache.u.tss386.limit_scaled - io_base)) {
BX_INFO(("allow_io(): IO adr %x outside TSS IO permission map (max port=%x) #GP(0)",
addr, 8*(BX_CPU_THIS_PTR tr.cache.u.tss386.limit_scaled - io_base) ));
return(0);
}
}
access_linear(BX_CPU_THIS_PTR tr.cache.u.tss386.base + io_base + addr/8,
2, 0, BX_READ, &permission16);