
Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling



>>> On 13.02.17 at 14:37, <JBeulich@xxxxxxxx> wrote:
>>>> On 13.02.17 at 14:19, <JBeulich@xxxxxxxx> wrote:
>> --- a/tools/firmware/hvmloader/hvmloader.c
>> +++ b/tools/firmware/hvmloader/hvmloader.c
>> @@ -177,18 +177,30 @@ static void cmos_write_memory_size(void)
>>  }
>>  
>>  /*
>> - * Set up an empty TSS area for virtual 8086 mode to use. 
>> - * The only important thing is that it musn't have any bits set 
>> - * in the interrupt redirection bitmap, so all zeros will do.
>> + * Set up an empty TSS area for virtual 8086 mode to use. Its content is
>> + * going to be managed by Xen, but zero fill it just in case.
>>   */
>>  static void init_vm86_tss(void)
>>  {
>> +/*
>> + * Have the TSS cover the ISA port range, which makes it
>> + * - 104 bytes base structure
>> + * - 32 bytes interrupt redirection bitmap
>> + * - 128 bytes I/O bitmap
>> + * - one trailing byte
>> + * or a total of to 265 bytes. As it needs to be be a power of two for
>> + * now (or else the alignment parameter to mem_alloc() needs adjustment),
>> + * this ends up requiring 512 bytes.
>> + */
>> +#define TSS_SIZE 512
>>      void *tss;
>>  
>> -    tss = mem_alloc(128, 128);
>> -    memset(tss, 0, 128);
>> +    tss = mem_alloc(TSS_SIZE, TSS_SIZE);
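Review bot: The comment above `#define TSS_SIZE 512` has two stray words, "a total of to 265 bytes" and "needs to be be a power of two"; drop the "to" and the duplicated "be". The listed components (104 + 32 + 128 + 1) do add up to 265, so only the wording needs fixing.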
> 
>     tss = mem_alloc(TSS_SIZE, 128);
> 
> is sufficient here, as I've noticed (only) while reviewing Roger's
> series v4 of which did trigger the creation of this patch. I've made
> the change locally for now.

Which in turn means the size can also be reduced to 384, and then
the comment needs adjustment. Resulting hunk:

@@ -177,18 +177,29 @@ static void cmos_write_memory_size(void)
 }
 
 /*
- * Set up an empty TSS area for virtual 8086 mode to use. 
- * The only important thing is that it musn't have any bits set 
- * in the interrupt redirection bitmap, so all zeros will do.
+ * Set up an empty TSS area for virtual 8086 mode to use. Its content is
+ * going to be managed by Xen, but zero fill it just in case.
  */
 static void init_vm86_tss(void)
 {
+/*
+ * Have the TSS cover the ISA port range, which makes it
+ * - 104 bytes base structure
+ * - 32 bytes interrupt redirection bitmap
+ * - 128 bytes I/O bitmap
+ * - one trailing byte
+ * or a total of to 265 bytes. As it needs to be a multiple of the requested
+ * alignment, this ends up requiring 384 bytes.
+ */
+#define TSS_SIZE (3 * 128)
     void *tss;
 
-    tss = mem_alloc(128, 128);
-    memset(tss, 0, 128);
+    tss = mem_alloc(TSS_SIZE, 128);
+    memset(tss, 0, TSS_SIZE);
     hvm_param_set(HVM_PARAM_VM86_TSS, virt_to_phys(tss));
+    hvm_param_set(HVM_PARAM_VM86_TSS_SIZE, TSS_SIZE);
     printf("vm86 TSS at %08lx\n", virt_to_phys(tss));
+#undef TSS_SIZE
 }
 
 static void apic_setup(void)
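Review bot: The link between the 265 bytes derived in the comment and `#define TSS_SIZE (3 * 128)` is enforced only by the comment, and the alignment 128 appears as a bare literal both in the macro and in `mem_alloc(TSS_SIZE, 128)`. Consider naming the alignment once and adding a compile-time check that TSS_SIZE is at least 265 and a multiple of that alignment, so a later edit to either value cannot leave the I/O bitmap or its trailing byte outside the zeroed area whose size is now reported through HVM_PARAM_VM86_TSS_SIZE.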

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

