
[Xen-changelog] [xen-unstable] x86: check ModR/M mod bits for CR/DR access insns



# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1205856156 0
# Node ID 2c2b442902e26d7e533c7d3cb9b9ea8902145d73
# Parent  bdaf721c361658b364ad3a9ec9d427274e4473f5
x86: check ModR/M mod bits for CR/DR access insns

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
---
 xen/arch/x86/traps.c       |    8 ++++++++
 xen/arch/x86/x86_emulate.c |    2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff -r bdaf721c3616 -r 2c2b442902e2 xen/arch/x86/traps.c
--- a/xen/arch/x86/traps.c      Tue Mar 18 15:51:19 2008 +0000
+++ b/xen/arch/x86/traps.c      Tue Mar 18 16:02:36 2008 +0000
@@ -1801,6 +1801,8 @@ static int emulate_privileged_op(struct 
 
     case 0x20: /* MOV CR?,<reg> */
         opcode = insn_fetch(u8, code_base, eip, code_limit);
+        if ( opcode < 0xc0 )
+            goto fail;
         modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
         modrm_rm  |= (opcode >> 0) & 7;
         reg = decode_register(modrm_rm, regs, 0);
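Review bot: The bare `0xc0` in the added `if ( opcode < 0xc0 ) goto fail;` has no explanation, and the same two lines are repeated in the 0x21, 0x22 and 0x23 cases below. A comment on the first instance, such as `/* ModR/M mod != 3: not a register operand, refuse to emulate */`, would tell a reader why the byte fetched from the instruction stream is rejected before `decode_register()` uses its low bits. What `fail` does is outside the hunk, so it is worth confirming that the guest sees the same fault the x86_emulate.c path raises for this encoding (`EXC_UD`); otherwise the two emulators would presumably disagree on identical instruction bytes. The body of emulate_privileged_op starts and ends outside the hunk.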
@@ -1841,6 +1843,8 @@ static int emulate_privileged_op(struct 
 
     case 0x21: /* MOV DR?,<reg> */
         opcode = insn_fetch(u8, code_base, eip, code_limit);
+        if ( opcode < 0xc0 )
+            goto fail;
         modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
         modrm_rm  |= (opcode >> 0) & 7;
         reg = decode_register(modrm_rm, regs, 0);
@@ -1851,6 +1855,8 @@ static int emulate_privileged_op(struct 
 
     case 0x22: /* MOV <reg>,CR? */
         opcode = insn_fetch(u8, code_base, eip, code_limit);
+        if ( opcode < 0xc0 )
+            goto fail;
         modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
         modrm_rm  |= (opcode >> 0) & 7;
         reg = decode_register(modrm_rm, regs, 0);
@@ -1897,6 +1903,8 @@ static int emulate_privileged_op(struct 
 
     case 0x23: /* MOV <reg>,DR? */
         opcode = insn_fetch(u8, code_base, eip, code_limit);
+        if ( opcode < 0xc0 )
+            goto fail;
         modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
         modrm_rm  |= (opcode >> 0) & 7;
         reg = decode_register(modrm_rm, regs, 0);
diff -r bdaf721c3616 -r 2c2b442902e2 xen/arch/x86/x86_emulate.c
--- a/xen/arch/x86/x86_emulate.c        Tue Mar 18 15:51:19 2008 +0000
+++ b/xen/arch/x86/x86_emulate.c        Tue Mar 18 16:02:36 2008 +0000
@@ -3219,8 +3219,8 @@ x86_emulate(
     case 0x21: /* mov dr,reg */
     case 0x22: /* mov reg,cr */
     case 0x23: /* mov reg,dr */
+        generate_exception_if(ea.type != OP_REG, EXC_UD, -1);
         generate_exception_if(!mode_ring0(), EXC_GP, 0);
-        modrm_rm  |= (rex_prefix & 1) << 3;
         modrm_reg |= lock_prefix << 3;
         if ( b & 2 )
         {
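Review bot: The removal of `modrm_rm  |= (rex_prefix & 1) << 3;` is not covered by the commit description, which only mentions the mod-bits check. Presumably the common ModR/M decode already folds REX.B into `modrm_rm` for register operands, but that code is outside the hunk, so the description or a comment should say so. Placing the new `ea.type != OP_REG` check ahead of `!mode_ring0()` also means a non-ring-0 caller using a memory-form encoding now gets `EXC_UD` rather than `EXC_GP`. If that ordering is deliberate, a one-line comment such as `/* #UD for non-register encodings is raised before the privilege check */` would record it. The case body continues past the end of the hunk.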
