diff options
| author | neel <neel@FreeBSD.org> | 2013-07-03 23:05:17 +0000 |
|---|---|---|
| committer | neel <neel@FreeBSD.org> | 2013-07-03 23:05:17 +0000 |
| commit | 468b664f74fc046f41935be989f161a0d85878c0 (patch) | |
| tree | 3f257a66f3120601d7300eb956a4651fc31fb3e7 | |
| parent | 441e4b8972d2ad6e7802684f31370c147ea5bc50 (diff) | |
| download | FreeBSD-src-468b664f74fc046f41935be989f161a0d85878c0.zip FreeBSD-src-468b664f74fc046f41935be989f161a0d85878c0.tar.gz | |
Verify that all bytes in the instruction buffer are consumed during decoding.
Suggested by: grehan
| -rw-r--r-- | sys/amd64/vmm/vmm_instruction_emul.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/amd64/vmm/vmm_instruction_emul.c b/sys/amd64/vmm/vmm_instruction_emul.c index 8328144..4e63649 100644 --- a/sys/amd64/vmm/vmm_instruction_emul.c +++ b/sys/amd64/vmm/vmm_instruction_emul.c @@ -780,6 +780,19 @@ decode_immediate(struct vie *vie) } /* + * Verify that all the bytes in the instruction buffer were consumed. + */ +static int +verify_inst_length(struct vie *vie) +{ + + if (vie->num_processed == vie->num_valid) + return (0); + else + return (-1); +} + +/* * Verify that the 'guest linear address' provided as collateral of the nested * page table fault matches with our instruction decoding. */ @@ -853,6 +866,9 @@ vmm_decode_instruction(struct vm *vm, int cpuid, uint64_t gla, struct vie *vie) if (decode_immediate(vie)) return (-1); + if (verify_inst_length(vie)) + return (-1); + if (verify_gla(vm, cpuid, gla, vie)) return (-1); |
