handle iomap before tss

Author: Restioson

src/structures/gdt.rs

@@ -320,7 +320,14 @@ impl Descriptor {
             return Err(InvalidIoMap::TooLong { len: iomap.len() });
         }
 
-        let base = iomap.as_ptr() as usize - tss as *const _ as usize;
+        let iomap_addr = iomap.as_ptr() as usize;
+        let tss_addr = tss as *const _ as usize;
+
+        if tss_addr > iomap_addr {
+            return Err(InvalidIoMap::IoMapBeforeTss);
+        }
+
+        let base = iomap_addr - tss_addr;
         if base > 0xdfff {
             return Err(InvalidIoMap::TooFarFromTss { distance: base });
         }

src/structures/tss.rs

@@ -42,8 +42,11 @@ impl TaskStateSegment {
 /// The given IO permissions bitmap is invalid.
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub enum InvalidIoMap {
+    /// The IO permissions bitmap is before the TSS. It must be located after the TSS.
+    IoMapBeforeTss,
     /// The IO permissions bitmap is too far from the TSS. It must be within `0xdfff` bytes of the
-    /// start of the TSS.
+    /// start of the TSS. Note that if the IO permissions bitmap is located before the TSS, then
+    /// `IoMapBeforeTss` will be returned instead.
     TooFarFromTss {
         /// The distance of the IO permissions bitmap from the beginning of the TSS.
         distance: usize,