On 30.09.2024 18:18, Andrew Cooper wrote:
> RFC: Should we make the boundary check be (port + bytes + 8)? That would be
> more correct, but liable to break unsuspecting VMs. Maybe we should just
> comment our way out of it.

What would the "+ 8" be intended to express? (I take it you mean ...

> --- a/xen/arch/x86/pv/emul-priv-op.c
> +++ b/xen/arch/x86/pv/emul-priv-op.c
> @@ -169,29 +169,26 @@ static intguest_io_okay(unsigned int port, unsigned int
> bytes,
> 
>  if ( (port + bytes) <= v->arch.pv.iobmp_limit )

... this check, which looks correct to me as is. In particular with the "+ 8" there would appear to be no way to access ports at the very top of the 64k range anymore, as PHYSDEVOP_set_iobitmap handling caps nr_ports at 64k. IOW I think "commenting our way out of it" is the only possible approach.)

With or without such a comment added
Reviewed-by: Jan Beulich <[email protected]>

Jan
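Review bot: the context line `if ( (port + bytes) <= v->arch.pv.iobmp_limit )` already rejects any access whose last port (port + bytes - 1) reaches iobmp_limit, i.e. the limit is an exclusive bound on port numbers, so no "+ 8" is needed for correctness; since this is the line the RFC questions, a short comment above it stating that the bound is exclusive and that the limit set via PHYSDEVOP_set_iobitmap cannot exceed 64k would settle the question without changing behaviour.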
