From 4609fc8eb04e6af531d86923c9d057f32a96b7d8 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Thu, 28 May 2020 14:03:22 +0100
Subject: [PATCH] x86/hvm: Improve error information in handle_pio()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

domain_crash() should always have a message which is emitted even in release
builds, so something more useful than this is presented to the user.

  (XEN) domain_crash called from io.c:171
  (XEN) domain_crash called from io.c:171
  (XEN) domain_crash called from io.c:171
  ...

To avoid possibly printing stack rubble, initialise data to ~0 right away.
Furthermore, the maximum access size is 4, so drop data from long to int.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/hvm/io.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c
index a5b0a23f06..724ab44a76 100644
--- a/xen/arch/x86/hvm/io.c
+++ b/xen/arch/x86/hvm/io.c
@@ -132,13 +132,15 @@ bool handle_pio(uint16_t port, unsigned int size, int dir)
 {
     struct vcpu *curr = current;
     struct hvm_vcpu_io *vio = &curr->arch.hvm.hvm_io;
-    unsigned long data;
+    unsigned int data;
     int rc;
 
     ASSERT((size - 1) < 4 && size != 3);
 
     if ( dir == IOREQ_WRITE )
         data = guest_cpu_user_regs()->eax;
+    else
+        data = ~0; /* Avoid any risk of stack rubble. */
 
     rc = hvmemul_do_pio_buffer(port, size, dir, &data);
 
@@ -151,7 +153,7 @@ bool handle_pio(uint16_t port, unsigned int size, int dir)
         if ( dir == IOREQ_READ )
         {
             if ( size == 4 ) /* Needs zero extension. */
-                guest_cpu_user_regs()->rax = (uint32_t)data;
+                guest_cpu_user_regs()->rax = data;
             else
                 memcpy(&guest_cpu_user_regs()->rax, &data, size);
         }
@@ -167,7 +169,9 @@ bool handle_pio(uint16_t port, unsigned int size, int dir)
         break;
 
     default:
-        gdprintk(XENLOG_ERR, "Weird HVM ioemulation status %d.\n", rc);
+        gprintk(XENLOG_ERR, "Unexpected PIO status %d, port %#x %s 0x%0*x\n",
+                rc, port, dir == IOREQ_WRITE ? "write" : "read",
+                size * 2, data & ((1u << (size * 8)) - 1));
         domain_crash(curr->domain);
         return false;
     }
-- 
2.39.5