The SVM IOIO intercept does not check all bits in the IO permission map
for in/outs with word or long operand size. The attached patch fixes this.


        Bernhard Kauer
Index: target-i386/helper.c
--- target-i386/helper.c	18 Nov 2007 01:44:38 -0000	1.95
+++ target-i386/helper.c	6 Dec 2007 19:22:55 -0000
@@ -4250,8 +4331,8 @@
             uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.iopm_base_pa));
             uint16_t port = (uint16_t) (param >> 16);
 
-            if(ldub_phys(addr + port / 8) & (1 << (port % 8)))
-                vmexit(type, param);
+	    if(ldub_phys(addr + port / 8) & (((1 << ((param >> 4) & 0x7)) - 1) << (port % 8)))
+	      vmexit(type, param);
         }
         break;
 
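Review bot: The widened mask on the added `if` line is still tested against the single byte returned by `ldub_phys`, so permission bits that land above bit 7 are silently dropped: a 4-byte access at a port with `port % 8 == 7` checks only the bit for the first port, and the bits for the next three ports in the following IOPM byte are never read. A word or long access that straddles a byte boundary of the map can therefore still miss an intercept the VMCB asked for. A 16-bit load covers the worst case (shift of 7 plus 4 mask bits), e.g. `uint16_t mask = (1 << ((param >> 4) & 7)) - 1;` followed by `if (lduw_phys(addr + port / 8) & (mask << (port % 8)))`. This assumes bits 6:4 of `param` carry the one-hot operand size, which the hunk does not show; the enclosing case block starts and ends outside the hunk.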
