x86/vPIC: avoid speculative out of bounds accesses

author Jan Beulich <jbeulich@suse.com>

Thu, 4 Jul 2019 14:07:01 +0000 (16:07 +0200)

committer Jan Beulich <jbeulich@suse.com>

Thu, 4 Jul 2019 14:07:01 +0000 (16:07 +0200)
author Jan Beulich <jbeulich@suse.com>
Thu, 4 Jul 2019 14:07:01 +0000 (16:07 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 4 Jul 2019 14:07:01 +0000 (16:07 +0200)
diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c

index 3f3fb7a4ff96d14a85a49ee428c7b34477a59052..4897a0e05b043a28e37f82fdef532c06976bc08e 100644 (file)
--- a/xen/arch/x86/hvm/vpic.c
+++ b/xen/arch/x86/hvm/vpic.c
@@ -335,7 +335,7 @@ static int vpic_intercept_pic_io(
          return X86EMUL_OKAY;
      }
  
-    vpic = &current->domain->arch.hvm.vpic[port >> 7];
+    vpic = &current->domain->arch.hvm.vpic[!!(port & 0x80)];
  
      if ( dir == IOREQ_WRITE )
          vpic_ioport_write(vpic, port, (uint8_t)*val);
@@ -448,7 +448,7 @@ void vpic_init(struct domain *d)
  
  void vpic_irq_positive_edge(struct domain *d, int irq)
  {
-    struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[irq >> 3];
+    struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[!!(irq & 8)];
      uint8_t mask = 1 << (irq & 7);
  
      ASSERT(has_vpic(d));
@@ -466,7 +466,7 @@ void vpic_irq_positive_edge(struct domain *d, int irq)
  
  void vpic_irq_negative_edge(struct domain *d, int irq)
  {
-    struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[irq >> 3];
+    struct hvm_hw_vpic *vpic = &d->arch.hvm.vpic[!!(irq & 8)];
      uint8_t mask = 1 << (irq & 7);
  
      ASSERT(has_vpic(d));
author	Jan Beulich <jbeulich@suse.com>
	Thu, 4 Jul 2019 14:07:01 +0000 (16:07 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Thu, 4 Jul 2019 14:07:01 +0000 (16:07 +0200)