|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] x86_emulate: fix wrap around handling for repeated string instructions
commit a2e2df452e9cc80844c5de9301862a6285bd30c1
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Sep 23 09:52:29 2013 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Sep 23 09:52:29 2013 +0200
x86_emulate: fix wrap around handling for repeated string instructions
For one, repeat count clipping for MOVS must be done taking into
consideration both source and destination addresses.
And then we should allow a wrap on the final iteration only if either
the wrap is a precise one (i.e. the access itself doesn't wrap, just
the resulting index register value would) or if there is just one
iteration. In all other cases we should do a bulk operation first
without hitting the wrap, and then issue an individual iteration. If
we don't do it that way,
- the last iteration not completing successfully will cause the whole
operation to fail (i.e. registers not get updated to the failure
point)
- hvmemul_virtual_to_linear() may needlessly enforce non-repeated
operation
Additionally with the prior implementation there was a case
(df=1, ea=~0, reps=~0, bytes_per_rep=1) where we'd end up passing zero
reps back to the caller, yet various places assume that there's at
least on iteration.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
---
xen/arch/x86/x86_emulate/x86_emulate.c | 24 ++++++++++++++++--------
1 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c
b/xen/arch/x86/x86_emulate/x86_emulate.c
index 473500e..bb40b83 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -773,13 +773,20 @@ static void __put_rep_prefix(
__put_rep_prefix(&_regs, ctxt->regs, ad_bytes, reps_completed); \
})
-/* Clip maximum repetitions so that the index register only just wraps. */
+/* Clip maximum repetitions so that the index register at most just wraps. */
#define truncate_ea_and_reps(ea, reps, bytes_per_rep) ({ \
- unsigned long __todo = (ctxt->regs->eflags & EFLG_DF) ? (ea) : ~(ea); \
- __todo = truncate_word(__todo, ad_bytes); \
- __todo = (__todo / (bytes_per_rep)) + 1; \
- (reps) = (__todo < (reps)) ? __todo : (reps); \
- truncate_word((ea), ad_bytes); \
+ unsigned long todo__, ea__ = truncate_word(ea, ad_bytes); \
+ if ( !(ctxt->regs->eflags & EFLG_DF) ) \
+ todo__ = truncate_word(-(ea), ad_bytes) / (bytes_per_rep); \
+ else if ( truncate_word((ea) + (bytes_per_rep) - 1, ad_bytes) < ea__ )\
+ todo__ = 1; \
+ else \
+ todo__ = ea__ / (bytes_per_rep) + 1; \
+ if ( !todo__ ) \
+ (reps) = 1; \
+ else if ( todo__ < (reps) ) \
+ (reps) = todo__; \
+ ea__; \
})
/* Compatibility function: read guest memory, zero-extend result to a ulong. */
@@ -2385,8 +2392,9 @@ x86_emulate(
dst.bytes = (d & ByteOp) ? 1 : op_bytes;
dst.mem.seg = x86_seg_es;
dst.mem.off = truncate_ea_and_reps(_regs.edi, nr_reps, dst.bytes);
+ src.mem.off = truncate_ea_and_reps(_regs.esi, nr_reps, dst.bytes);
if ( (nr_reps > 1) && (ops->rep_movs != NULL) &&
- ((rc = ops->rep_movs(ea.mem.seg, truncate_ea(_regs.esi),
+ ((rc = ops->rep_movs(ea.mem.seg, src.mem.off,
dst.mem.seg, dst.mem.off, dst.bytes,
&nr_reps, ctxt)) != X86EMUL_UNHANDLEABLE) )
{
@@ -2395,7 +2403,7 @@ x86_emulate(
}
else
{
- if ( (rc = read_ulong(ea.mem.seg, truncate_ea(_regs.esi),
+ if ( (rc = read_ulong(ea.mem.seg, src.mem.off,
&dst.val, dst.bytes, ctxt, ops)) != 0 )
goto done;
dst.type = OP_MEM;
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |