[Xen-changelog] [xen-unstable] x86: Emulation of LMSW must only affect CR0 bits 0-3.
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1214583894 -3600
# Node ID a9fff28d4f066442b65b3ff8ac916f1a50f7c64b
# Parent 6b06639011744b6e22915fc1f97237a574e9305f
x86: Emulation of LMSW must only affect CR0 bits 0-3.
Emulation of SMSW is only restricted to 16-bit operation on memory operands.
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
---
 xen/arch/x86/hvm/vmx/vmx.c | 4 ++--
 xen/arch/x86/x86_emulate/x86_emulate.c | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff -r 6b0663901174 -r a9fff28d4f06 xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c Fri Jun 27 16:20:59 2008 +0100
+++ b/xen/arch/x86/hvm/vmx/vmx.c Fri Jun 27 17:24:54 2008 +0100
@@ -1523,8 +1523,8 @@ static int vmx_cr_access(unsigned long e
 break;
 case VMX_CONTROL_REG_ACCESS_TYPE_LMSW:
 value = v->arch.hvm_vcpu.guest_cr[0];
- /* NB. LMSW can set, but never clear, PE. */
- value = (value & 0xFFFF0001) | ((exit_qualification >> 16) & 0xFFFF);
+ /* LMSW can: (1) set bits 0-3; (2) clear bits 1-3. */
+ value = (value & ~0xe) | ((exit_qualification >> 16) & 0xf);
 HVMTRACE_LONG_1D(LMSW, current, value);
 return !hvm_set_cr0(value);
 default:
diff -r 6b0663901174 -r a9fff28d4f06 xen/arch/x86/x86_emulate/x86_emulate.c
--- a/xen/arch/x86/x86_emulate/x86_emulate.c Fri Jun 27 16:20:59 2008 +0100
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c Fri Jun 27 17:24:54 2008 +0100
@@ -3267,7 +3267,8 @@ x86_emulate(
 goto done;
 break;
 case 4: /* smsw */
- ea.bytes = 2;
+ if ( ea.type == OP_MEM )
+ ea.bytes = 2;
 dst = ea;
 fail_if(ops->read_cr == NULL);
 if ( (rc = ops->read_cr(0, &dst.val, ctxt)) )
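Review bot: The bare masks `~0xe` and `0xf` on the new `value = ...` line encode which CR0 bits LMSW may touch (PE, MP, EM, TS) without naming them, and the same literals are repeated in the lmsw hunk of x86_emulate.c. Since this merge decides how much of CR0 a guest-controlled operand can rewrite, I would spell it with the named bits, e.g. `value = (value & ~(X86_CR0_MP|X86_CR0_EM|X86_CR0_TS)) | ((exit_qualification >> 16) & (X86_CR0_PE|X86_CR0_MP|X86_CR0_EM|X86_CR0_TS));`, and extend the comment to `/* PE is sticky: LMSW may set it but never clear it; bits 4 and above are untouched. */`. Whether equivalent constants are in scope in x86_emulate.c is not visible here, so that copy may need its own definitions or a small shared helper so the two paths cannot drift apart. vmx_cr_access continues outside the hunk.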
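Review bot: The new `if ( ea.type == OP_MEM )` guard in the smsw case carries no comment explaining why the register form keeps its existing width, so the asymmetry is easy to undo by mistake later. A one-line comment above it would do: `/* SMSW m16 always stores 16 bits; the register form stores at operand size. */`. The width used for the register destination is set before this hunk and is not visible, so presumably it is the operand size; it is worth confirming that `dst.val` from `read_cr` is truncated to that width before write-back. The body of x86_emulate starts and ends outside the hunk.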
@@ -3284,8 +3285,8 @@ x86_emulate( else if ( (rc = ops->read(ea.mem.seg, ea.mem.off, &cr0w, 2, ctxt)) ) goto done; - cr0 &= 0xffff0001; /* lmsw can set, but never clear, PE */ - cr0 |= (uint16_t)cr0w; + /* LMSW can: (1) set bits 0-3; (2) clear bits 1-3. */ + cr0 = (cr0 & ~0xe) | (cr0w & 0xf); if ( (rc = ops->write_cr(0, cr0, ctxt)) ) goto done; break; _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog