[HVM] Another unchecked caller of hvm_copy_to_guest_virt()

Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
author: Tim Deegan <Tim.Deegan@xensource.com> 2007-02-20 16:18:56 +0000
committer: Tim Deegan <Tim.Deegan@xensource.com> 2007-02-20 16:18:56 +0000
commit: cca5559356f1e2dcdf49c3e99e0bd359d975f944 (patch)
tree: 37798f76f8b6b347984f310378cfc1d38d395318 /xen/arch/x86/hvm/io.c
parent: feaecc4d84397984cde96376fd901f756d3b243c (diff)
download: xen-cca5559356f1e2dcdf49c3e99e0bd359d975f944.tar.gz
xen-cca5559356f1e2dcdf49c3e99e0bd359d975f944.tar.bz2
xen-cca5559356f1e2dcdf49c3e99e0bd359d975f944.zip
1 files changed, 12 insertions, 1 deletions
diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c
index 43d1343d5f..30a80a4f27 100644
--- a/xen/arch/x86/hvm/io.c
+++ b/xen/arch/x86/hvm/io.c
@@ -715,7 +715,18 @@ static void hvm_mmio_assist(struct cpu_user_regs *regs, ioreq_t *p,
 
     case INSTR_PUSH:
         mmio_opp->addr += hvm_get_segment_base(current, x86_seg_ss);
-        hvm_copy_to_guest_virt(mmio_opp->addr, &p->data, size);
+        { 
+            unsigned long addr = mmio_opp->addr;
+            int rv = hvm_copy_to_guest_virt(addr, &p->data, size);
+            if ( rv != 0 ) 
+            {
+                addr += p->size - rv;
+                gdprintk(XENLOG_DEBUG, "Pagefault emulating PUSH from MMIO: "
+                         "va=%#lx\n", addr);
+                hvm_inject_exception(TRAP_page_fault, PFEC_write_access, addr);
+                return;
+            }
+        }
         break;
     }
 }
author	Tim Deegan <Tim.Deegan@xensource.com>	2007-02-20 16:18:56 +0000
committer	Tim Deegan <Tim.Deegan@xensource.com>	2007-02-20 16:18:56 +0000
commit	cca5559356f1e2dcdf49c3e99e0bd359d975f944 (patch)
tree	37798f76f8b6b347984f310378cfc1d38d395318 /xen/arch/x86/hvm/io.c
parent	feaecc4d84397984cde96376fd901f756d3b243c (diff)
download	xen-cca5559356f1e2dcdf49c3e99e0bd359d975f944.tar.gz xen-cca5559356f1e2dcdf49c3e99e0bd359d975f944.tar.bz2 xen-cca5559356f1e2dcdf49c3e99e0bd359d975f944.zip