On 27.08.21 09:51, Zhiqiang Hou wrote:
> From: Hou Zhiqiang <[email protected]>
>
> In function restrict_bitmask_access(), the current access_mask is
> implicitly assuming that it always access the whole register, but
> some registers are byte-accessible, the Guest may get/set wrong
> value when it issue a byte or halfword access to these registers.

Can you be more specific in the affected scenarios? At least one example would be good.

> > Signed-off-by: Hou Zhiqiang <[email protected]> > --- > hypervisor/arch/arm-common/irqchip.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/hypervisor/arch/arm-common/irqchip.c > b/hypervisor/arch/arm-common/irqchip.c > index 256af114..daae5512 100644 > --- a/hypervisor/arch/arm-common/irqchip.c > +++ b/hypervisor/arch/arm-common/irqchip.c > @@ -69,6 +69,9 @@ restrict_bitmask_access(struct mmio_access *mmio, unsigned > int reg_index, > if (irqchip_irq_in_cell(cell, first_irq + irq)) > access_mask |= irq_bits << (irq * bits_per_irq); > > + access_mask >>= 8 * (mmio->address & 0x3); > + access_mask &= (1UL << (mmio->size * 8)) - 1; > +

Are we only talking about mitigating wrong results affecting the issuing cell? Or does the wrong mask have the potential to corrupt content that affects other cells as well? In the latter case, we must not rely on the cell-provided access size, I strongly suspect.

Jan

> if (!mmio->is_write) { > /* Restrict the read value */ > mmio_perform_access(gicd_base, mmio); >

-- 
Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
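
Review bot: in the added `access_mask &= (1UL << (mmio->size * 8)) - 1;`, a full-word access (`mmio->size` of 4) shifts `1UL` by 32, which is undefined wherever `unsigned long` is 32 bits wide, and the file sits under arch/arm-common, so it is presumably shared with 32-bit ARM builds. Use `1ULL` for the constant, or skip the narrowing when the access already covers the whole register. The preceding `access_mask >>= 8 * (mmio->address & 0x3);` also takes the offset and `mmio->size` as given: nothing in the hunk rejects a combination that runs past the 32-bit register (a halfword at offset 3, for example), so either add that check here or add a comment saying where it is enforced. A one-line comment explaining why the mask is realigned to the access would also help, since the two new lines carry no explanation.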
