
[xen staging] x86emul: avoid UB shift in AVX512 VPMOV* handling



commit c24615500062eb63f1cfd208c234df5268a880e0
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Aug 8 13:26:38 2024 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Aug 8 13:26:38 2024 +0200

    x86emul: avoid UB shift in AVX512 VPMOV* handling
    
    For widening and narrowing moves, operand (vector) size is calculated
    from a table. This calculation, for the AVX512 cases, lives ahead of
    validation of EVEX.L'L (which cannot be 3 without raising #UD). Account
    for the later checking by adjusting the constants in the expression such
    that even EVEX.L'L == 3 will yield a non-UB shift (read: shift count
    reliably >= 0).
    
    Fixes: 3988beb08 ("x86emul: support AVX512{F,BW} zero- and sign-extending moves")
    Oss-fuzz: 70914
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c 
b/xen/arch/x86/x86_emulate/x86_emulate.c
index bf388b7b1e..f0829a19d4 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -5788,7 +5788,7 @@ x86_emulate(
             d = DstMem | SrcReg | TwoOp;
         }
         generate_exception_if(evex.brs, X86_EXC_UD);
-        op_bytes = 32 >> (pmov_convert_delta[b & 7] + 1 - evex.lr);
+        op_bytes = 64 >> (pmov_convert_delta[b & 7] + 2 - evex.lr);
         elem_bytes = (b & 7) < 3 ? 1 : (b & 7) != 5 ? 2 : 4;
         goto avx512f_no_sae;
 
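Review bot: The rewritten op_bytes line has no comment explaining why the constants are 64 and 2, and the guarantee of a non-negative shift count rests on two facts that are not visible at this site: evex.lr never exceeds 3, and the smallest entry of pmov_convert_delta[] is at least 1. Suggest a short comment above the line stating that the expression is deliberately biased because EVEX.L'L == 3 is only rejected later, past the jump to avx512f_no_sae, and that op_bytes carries no meaningful value in that case. For evex.lr in 0..2 the result equals the old 32 >> (pmov_convert_delta[b & 7] + 1 - evex.lr), so valid encodings are unaffected. A build-time or debug assertion on the table's minimum entry would keep a later table edit from reintroducing a negative count.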
--
generated by git-patchbot for /home/xen/git/xen.git#staging



 

