From: Jan Kiszka <[email protected]>
The opcode of mov imm,<mem> also consists of reg=0 in the ModR/M byte.
Make sure that we do not misinterpret an instruction.
Fixes: 95202a038b9e ("x86,mmio: Add support for 1 more instructions on the MMIO dispatcher")
Signed-off-by: Jan Kiszka <[email protected]>
---
hypervisor/arch/x86/mmio.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hypervisor/arch/x86/mmio.c b/hypervisor/arch/x86/mmio.c
index c30f69b5c..8890fedb7 100644
--- a/hypervisor/arch/x86/mmio.c
+++ b/hypervisor/arch/x86/mmio.c
@@ -148,6 +148,11 @@ restart:
goto error_noinst;
op[2].raw = *ctx.inst;
+
+ /* ensure that we are actually talking about mov imm,<mem> */
+ if (op[0].raw == X86_OP_MOV_IMMEDIATE_TO_MEM && op[2].modrm.reg != 0)
+ goto error_unsupported;
+
switch (op[2].modrm.mod) {
case 0:
if (op[2].modrm.rm == 5) { /* 32-bit displacement */
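Review bot: the guard `if (op[0].raw == X86_OP_MOV_IMMEDIATE_TO_MEM && op[2].modrm.reg != 0)` sits correctly after `op[2].raw = *ctx.inst;` and before the `switch (op[2].modrm.mod)`, since the reg field can only be inspected once the ModR/M byte has been fetched; the one thing missing is a word on why the rejection is needed. The comment "ensure that we are actually talking about mov imm,<mem>" does not say that other encodings share this opcode byte and differ only in the reg field, which is the reason a non-zero reg must not be decoded as a store of the immediate; consider extending the comment along the lines of "/* mov imm,<mem> requires reg=0; other reg values are different encodings */" so that a later reader does not relax the check. It would also help reviewers if the `error_unsupported` path, not visible in this hunk, reports the rejected opcode and ModR/M byte, so a guest that hits this case can be diagnosed rather than silently faulted.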
--
2.13.6