[Xen-devel] [PATCH v3 08/24] x86/emul: Correct the behaviour of pop %ss and interrupt shadowing
The mov_ss retire flag should only be set once load_seg() has returned
success. In particular, it should not be set if an exception occurred when
trying to load %ss.
_hvm_emulate_one(), currently the sole user of mov_ss, only considers it in
the case that x86_emulate() returns X86EMUL_OKAY, so this bug isn't actually
exposed to guests.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
v3:
* New
---
xen/arch/x86/x86_emulate/x86_emulate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
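The ordering problem the commit message describes, as an added illustration that is not Xen's code: a constructed model of the retire flag with a stand-in load_seg() that rejects a null selector for %ss (a null selector cannot be loaded into %ss on x86). The "before" variant sets mov_ss at decode time, the "after" variant only once the load has succeeded. The struct names, the X86EMUL_* values and the selector check are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model of the emulator's retire flags (hypothetical, not Xen's). */
struct retire_flags { unsigned int mov_ss:1; };

struct emu_ctxt {
    struct retire_flags retire;
    uint16_t stack[4];  /* constructed stack; the word to pop is stack[0] */
    uint16_t ss_sel;    /* selector currently held in %ss */
};

/* Return codes modelled on the names used on the page; values are assumed. */
enum { X86EMUL_OKAY = 0, X86EMUL_EXCEPTION = 1 };

/* Hypothetical load_seg() for %ss: a null selector is refused and reported
 * as an exception (stand-in for #GP). Real selector checks are far richer;
 * this is only enough to model a load that fails. */
static int load_seg_ss(struct emu_ctxt *ctxt, uint16_t sel)
{
    if ( (sel & ~3u) == 0 )
        return X86EMUL_EXCEPTION;
    ctxt->ss_sel = sel;
    return X86EMUL_OKAY;
}

static int pop_word(struct emu_ctxt *ctxt, uint16_t *val)
{
    *val = ctxt->stack[0];
    return X86EMUL_OKAY;
}

/* Before the patch: the flag is set unconditionally, before the load. */
int pop_ss_before(struct emu_ctxt *ctxt)
{
    uint16_t sel;
    int rc;

    ctxt->retire.mov_ss = 1;
    if ( (rc = pop_word(ctxt, &sel)) != 0 ||
         (rc = load_seg_ss(ctxt, sel)) != 0 )
        return rc;
    return X86EMUL_OKAY;
}

/* After the patch: the flag is set only once load_seg() returned success. */
int pop_ss_after(struct emu_ctxt *ctxt)
{
    uint16_t sel;
    int rc;

    if ( (rc = pop_word(ctxt, &sel)) != 0 ||
         (rc = load_seg_ss(ctxt, sel)) != 0 )
        return rc;
    ctxt->retire.mov_ss = 1;
    return X86EMUL_OKAY;
}

/* Run one variant on a fresh context whose stack top holds 'sel';
 * report the return code or the resulting mov_ss flag. */
int pop_ss_rc(int (*fn)(struct emu_ctxt *), uint16_t sel)
{
    struct emu_ctxt ctxt = { .stack = { sel, 0, 0, 0 }, .ss_sel = 0x10 };
    return fn(&ctxt);
}

unsigned int pop_ss_flag(int (*fn)(struct emu_ctxt *), uint16_t sel)
{
    struct emu_ctxt ctxt = { .stack = { sel, 0, 0, 0 }, .ss_sel = 0x10 };
    (void)fn(&ctxt);
    return ctxt.retire.mov_ss;
}
```

With a null selector on the stack, pop_ss_before() returns an exception yet leaves mov_ss set, which is exactly the state the commit message says should not arise; pop_ss_after() returns the same exception with the flag clear, and sets it only on a successful load.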
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c
b/xen/arch/x86/x86_emulate/x86_emulate.c
index 416812e..bacdee6 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2656,6 +2656,8 @@ x86_emulate(
&dst.val, op_bytes, ctxt, ops)) != 0 ||
(rc = load_seg(src.val, dst.val, 0, NULL, ctxt, ops)) != 0 )
goto done;
+ if ( src.val == x86_seg_ss )
+ ctxt->retire.mov_ss = 1;
break;
case 0x0e: /* push %%cs */
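Review bot: the new `if ( src.val == x86_seg_ss )` sits on the shared pop_seg path and relies on every jump to that label having stored the target segment in src.val; that holds for the 0x17 case shown, but a one-line comment above the check saying the flag is deliberately set after load_seg() returns success (so a faulting %ss load records no interrupt shadow) would keep the intent visible to the next person editing this path.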
@@ -2668,7 +2670,6 @@ x86_emulate(
case 0x17: /* pop %%ss */
src.val = x86_seg_ss;
- ctxt->retire.mov_ss = 1;
goto pop_seg;
case 0x1e: /* push %%ds */
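Review bot: with the assignment removed, `case 0x17: /* pop %%ss */` now only stores src.val and jumps, and the sole place that still sets ctxt->retire.mov_ss is after load_seg() at pop_seg; a short comment at this case pointing there would help readers who look for the interrupt-shadow handling next to the opcode, since the commit message explains the change but the code no longer shows it here.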
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel