From 7581e84cb6b709019c51a1e7d86414f696470554 Mon Sep 17 00:00:00 2001
From: Liu Hua <sdu.liu@huawei.com>
Date: Tue, 9 Jul 2019 22:20:45 -0700
Subject: tss: block userspace access to all I/O ports.

A userspace process (CPL=3) can access an i/o port if the bit corresponding to
the port is set to 0 in the I/O permission bitmap.

Configure the I/O permission bitmap address beyond the last valid byte in the
TSS so access to all i/o ports is blocked.

Signed-off-by: Liu Hua <sdu.liu@huawei.com>
Change-Id: I3df76980c3735491db768f7210e71703f86bb989
PiperOrigin-RevId: 257336518
---
 pkg/sentry/platform/ring0/kernel_amd64.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'pkg/sentry/platform/ring0')

diff --git a/pkg/sentry/platform/ring0/kernel_amd64.go b/pkg/sentry/platform/ring0/kernel_amd64.go
index 3577b5127..0feff8778 100644
--- a/pkg/sentry/platform/ring0/kernel_amd64.go
+++ b/pkg/sentry/platform/ring0/kernel_amd64.go
@@ -70,6 +70,14 @@ func (c *CPU) init() {
 	c.tss.ist1Lo = uint32(stackAddr)
 	c.tss.ist1Hi = uint32(stackAddr >> 32)
 
+	// Set the I/O bitmap base address beyond the last byte in the TSS
+	// to block access to the entire I/O address range.
+	//
+	// From section 18.5.2 "I/O Permission Bit Map" from Intel SDM vol1:
+	// I/O addresses not spanned by the map are treated as if they had set
+	// bits in the map.
+	c.tss.ioPerm = tssLimit + 1
+
 	// Permanently set the kernel segments.
 	c.registers.Cs = uint64(Kcode)
 	c.registers.Ds = uint64(Kdata)
-- 
cgit v1.2.3