
Re: [Xen-devel] [PATCH] x86_emulate: Always truncate %eip in 32bit mode



>>> On 30.11.15 at 12:07, <andrew.cooper3@xxxxxxxxxx> wrote:
> _regs.eip needs to be truncated after having size added to it, or emulating an
> instruction which crosses the 4GB boundary causes _regs.eip to become invalid,
> and fail vmentry checks when returning back to the guest.
> 
> The comment /* real hardware doesn't truncate */ seems to appear in c/s
> ddef8e16 "Tweak x86 emulator interface." without any justification.

Considering how the code looked before this commit, ...

> --- a/xen/arch/x86/x86_emulate/x86_emulate.c
> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c
> @@ -570,8 +570,9 @@ do{ asm volatile (                                        
>               \
>  /* Fetch next part of the instruction being emulated. */
>  #define insn_fetch_bytes(_size)                                         \
>  ({ unsigned long _x = 0, _eip = _regs.eip;                              \
> -   if ( !mode_64bit() ) _eip = (uint32_t)_eip; /* ignore upper dword */ \
> -   _regs.eip += (_size); /* real hardware doesn't truncate */           \
> +   _regs.eip += (_size);                                                \
> +   if ( !mode_64bit() ) { /* Truncate eip in 32bit mode. */             \
> +       _eip = (uint32_t)_eip; _regs.eip = (uint32_t) _regs.eip; }       \
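Review bot: the new `if ( !mode_64bit() )` branch always casts `_regs.eip` to `uint32_t`, so a fetch in a 16-bit code segment is still wrapped at the 4GB boundary rather than at 64K, and the comment `/* Truncate eip in 32bit mode. */` now also covers 16-bit mode, which it does not describe; consider deriving the wrap width from the code segment's address size (the `_register_address_increment()` helper the reply points to) instead of hard-coding 32 bits. Minor style point on the same line: `(uint32_t) _regs.eip` has a space after the cast while `(uint32_t)_eip` does not.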

... don't you think we would better switch back to
_register_address_increment()? Afaik in a 16-bit code segment
only the lower 16 bits actually get looked at.

Jan
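As an added example (not Xen code, and not from the patch or from either participant), the C model below contrasts the three instruction-pointer update behaviours discussed in this thread: the pre-patch macro that lets `_regs.eip` grow past 32 bits, the posted patch that always wraps to 32 bits outside 64-bit mode, and an address-size-based mask that also wraps a 16-bit code segment at 64K. The function names, the `ad_bytes` parameter and the sample addresses are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the emulator's instruction-pointer update.
 * ad_bytes is the code segment's address size: 2 (16-bit), 4 (32-bit)
 * or 8 (64-bit). None of these functions is Xen's own code. */

/* Pre-patch behaviour: the value added to _regs.eip is never truncated
 * ("real hardware doesn't truncate"), so a fetch that crosses the 4GB
 * boundary leaves bits above 31 set in a 32-bit guest. */
uint64_t eip_advance_old(uint64_t eip, unsigned size, unsigned ad_bytes)
{
    (void)ad_bytes;
    return eip + size;
}

/* Behaviour of the patch as posted: wrap to 32 bits whenever the
 * emulator is not in 64-bit mode, whether the segment is 16- or 32-bit. */
uint64_t eip_advance_patch(uint64_t eip, unsigned size, unsigned ad_bytes)
{
    eip += size;
    if (ad_bytes != 8)
        eip = (uint32_t)eip;
    return eip;
}

/* Wrap according to the code segment's address size. This models the
 * point raised in the reply that a 16-bit code segment only looks at the
 * low 16 bits of the instruction pointer (an assumption of this model). */
uint64_t eip_advance_masked(uint64_t eip, unsigned size, unsigned ad_bytes)
{
    uint64_t mask = (ad_bytes == 8) ? ~0ULL
                                    : ((1ULL << (ad_bytes * 8)) - 1);
    return (eip + size) & mask;
}

/* A 32-bit guest cannot hold an instruction pointer above 0xFFFFFFFF;
 * returns true when the updated value is out of range for it. */
bool eip_out_of_range_32bit(uint64_t eip)
{
    return eip > 0xFFFFFFFFULL;
}

int main(void)
{
    /* Constructed case: a 4-byte fetch starting two bytes below 4GB. */
    uint64_t start = 0xFFFFFFFEULL;

    printf("old:    %#llx (out of range: %d)\n",
           (unsigned long long)eip_advance_old(start, 4, 4),
           eip_out_of_range_32bit(eip_advance_old(start, 4, 4)));
    printf("patch:  %#llx\n", (unsigned long long)eip_advance_patch(start, 4, 4));
    printf("masked: %#llx\n", (unsigned long long)eip_advance_masked(start, 4, 4));

    /* Constructed case: a 4-byte fetch at the top of a 16-bit segment. */
    printf("16-bit patch:  %#llx\n", (unsigned long long)eip_advance_patch(0xFFFEULL, 4, 2));
    printf("16-bit masked: %#llx\n", (unsigned long long)eip_advance_masked(0xFFFEULL, 4, 2));
    return 0;
}
```

Running the model shows why the patch matters at the 4GB boundary (the old value 0x100000002 is out of range for a 32-bit guest while both newer variants give 0x2) and also where the posted version and the address-size mask diverge: for the 16-bit segment the patch yields 0x10002 while the mask wraps to 0x2.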


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel