-rw-r--r-- | sys/amd64/vmm/vmm_instruction_emul.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/amd64/vmm/vmm_instruction_emul.c b/sys/amd64/vmm/vmm_instruction_emul.c
index 8328144..4e63649 100644
--- a/sys/amd64/vmm/vmm_instruction_emul.c
+++ b/sys/amd64/vmm/vmm_instruction_emul.c
@@ -780,6 +780,19 @@ decode_immediate(struct vie *vie)
 }
 
 /*
+ * Verify that all the bytes in the instruction buffer were consumed.
+ */
+static int
+verify_inst_length(struct vie *vie)
+{
+
+ if (vie->num_processed == vie->num_valid)
+ return (0);
+ else
+ return (-1);
+}
+
+/*
 * Verify that the 'guest linear address' provided as collateral of the nested
 * page table fault matches with our instruction decoding.
 */
@@ -853,6 +866,9 @@ vmm_decode_instruction(struct vm *vm, int cpuid, uint64_t gla, struct vie *vie)
 if (decode_immediate(vie))
 return (-1);
 
+ if (verify_inst_length(vie))
+ return (-1);
+
 if (verify_gla(vm, cpuid, gla, vie))
 return (-1);
 
|
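Review bot: The equality test in `verify_inst_length` is only sound if `vie->num_valid` holds the exact length of the faulting instruction, and the comment above the function does not state that precondition. If the fetch path ever fills the buffer with a fixed or maximum byte count instead of a hardware-reported length (the code that sets `num_valid` is not visible in this hunk), every valid instruction shorter than the buffer would be rejected here. I would extend the comment with a line such as `* 'num_valid' must be the length of the faulting instruction, not the size of the fetch buffer.` The body could also be reduced to `return (vie->num_processed == vie->num_valid ? 0 : -1);`.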
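Review bot: The new `verify_inst_length` failure returns the same `-1` as the `decode_immediate` and `verify_gla` failures around it, so the caller and any logs cannot tell a length mismatch from an ordinary decode failure. The decoded bytes presumably originate from the guest, so a disagreement between the decoder and the fetched length is worth surfacing on its own; consider recording `vie->num_processed` and `vie->num_valid` through whatever trace or counter facility this file already uses before returning. vmm_decode_instruction starts and ends outside the hunk, so how its caller reacts to `-1` is not visible here and should be checked to confirm a guest cannot turn this path into more than a failed emulation.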