[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Sat, 10 Sep 2016 03:07:06 +0000
Delivery-date: Sat, 10 Sep 2016 03:07:10 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 7b5cee79dad24e7006059667b02bd7de685d8ee5
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Aug 12 14:35:28 2016 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Sep 8 16:39:46 2016 +0100

    hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary
    
    The Force Emulation Prefix is named to follow its PV counterpart for cpuid 
or
    rdtsc, but isn't really an instruction prefix.  It behaves as a break-out 
into
    Xen, with the purpose of emulating the next instruction in the current 
state.
    
    It is important to be able to test legal situations which occur in real
    hardware, including instruction which cross certain boundaries, and
    instructions starting at 0.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/hvm/hvm.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 787f055..8953928 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3981,15 +3981,8 @@ void hvm_ud_intercept(struct cpu_user_regs *regs)
         unsigned long addr;
         char sig[5]; /* ud2; .ascii "xen" */
 
-        /*
-         * Note that in the call below we pass 1 more than the signature
-         * size, to guard against the overall code sequence wrapping between
-         * "prefix" and actual instruction. There's necessarily at least one
-         * actual instruction byte required, so this won't cause failure on
-         * legitimate uses.
-         */
         if ( hvm_virtual_to_linear_addr(x86_seg_cs, cs, regs->eip,
-                                        sizeof(sig) + 1, hvm_access_insn_fetch,
+                                        sizeof(sig), hvm_access_insn_fetch,
                                         (hvm_long_mode_enabled(cur) &&
                                          cs->attr.fields.l) ? 64 :
                                         cs->attr.fields.db ? 32 : 16, &addr) &&
@@ -3999,6 +3992,11 @@ void hvm_ud_intercept(struct cpu_user_regs *regs)
         {
             regs->eip += sizeof(sig);
             regs->eflags &= ~X86_EFLAGS_RF;
+
+            /* Zero the upper 32 bits of %rip if not in 64bit mode. */
+            if ( !(hvm_long_mode_enabled(cur) && cs->attr.fields.l) )
+                regs->eip = regs->_eip;
+
             add_taint(TAINT_HVM_FEP);
         }
     }
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

Prev by Date: [Xen-changelog] [xen master] fix EFI part of "symbols: Generate an xen-sym.map"
Next by Date: [Xen-changelog] [xen master] x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
Previous by thread: [Xen-changelog] [xen master] fix EFI part of "symbols: Generate an xen-sym.map"
Next by thread: [Xen-changelog] [xen master] x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.