[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/2][4.17] x86emul: further correct 64-bit mode zero count repeated string insn handling

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Thu, 6 Oct 2022 15:11:11 +0200
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lsP25R/4gs4hqLJaINXdXJap1S3h0P4oZ+V3WVxiDK0=; b=mXQKEmQQraa3puiNwYnJNKTpm1b8o4YN2iVysIHkx/8DGCN4jmSuE5ATCunW/rB07S/EaWB8GmPLqzMkNmkNdkuxUQREo/K99xPVfH+eaUl/ph9iQgrciXlbwpfj7yX/UUaOaphq4eDw+VwRH4vxSzMtgLjBu4Y701wzV6gZ6A7AjBUi+Qe56pebzCy2Nt86kJtkT7DzdEKlq79I/Gp2+qtA97BHkv32r2QGEmfOQ6XcgwUvexsfkzW0nMtgdqBDaPQGGDjwxZO+Mln35Eicr9BUxeloQC9dFDXWCXEoZpub+fqADRvThBFihyA9/GuZ1tPt3+Cw1myiJLdSl9UjIw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WPaqT4rCOTuky1Zn/uyRRbxGEK9gE9DkLGh9sWPSrLk9+KeDr04oIUoNam2s9TlmvZkBYHV5UXCBqHgts3AizQRd2ELohfIhxz3VB29QPIymKubuE4J/KyGeonSiXhYNAsf+IRlB4oMEB9z1QW8FljDTWg+Y4Ejmdn3ZxfZkyJbkm1wLtEhHelu/eu63vLAwBC++X7mUrNLl+/jXqazJAKh5fTv8MalHXok47YAuITa7F75VNPKg7rnHAZRZJVizDi+m1Wd6cgpNd7I5AKztnh2laFj6ahXfHuc8azN0tWQpMkYk4/YbPhsoSSecAgoQVSTUJvFO7BxAlngCTIW38g==
Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
Delivery-date: Thu, 06 Oct 2022 13:11:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

In an entirely different context I came across Linux commit 428e3d08574b
("KVM: x86: Fix zero iterations REP-string"), which points out that
we're still doing things wrong: For one, there's no zero-extension at
all on AMD. And then while RCX is zero-extended from 32 bits uniformly
for all string instructions on newer hardware, RSI/RDI are only for MOVS
and STOS on the systems I have access to. (On an old family 0xf system
I've further found that for REP LODS even RCX is not zero-extended.)

Fixes: 79e996a89f69 ("x86emul: correct 64-bit mode repeated string insn 
handling with zero count")
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
Partly RFC for none of this being documented anywhere (and it partly
being model specific); inquiry pending.

If I was asked, I would have claimed to have tested all string insns and
for both vendors back at the time. But pretty clearly I didn't, and
instead I did derive uniform behavior from just the MOVS and STOS
observations on just Intel hardware; I'm sorry for that.

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -1589,7 +1589,7 @@ static inline void put_loop_count(
         regs->r(cx) = ad_bytes == 4 ? (uint32_t)count : count;
 }
 
-#define get_rep_prefix(using_si, using_di) ({                           \
+#define get_rep_prefix(extend_si, extend_di) ({                         \
     unsigned long max_reps = 1;                                         \
     if ( rep_prefix() )                                                 \
         max_reps = get_loop_count(&_regs, ad_bytes);                    \
@@ -1597,14 +1597,14 @@ static inline void put_loop_count(
     {                                                                   \
         /*                                                              \
          * Skip the instruction if no repetitions are required, but     \
-         * zero extend involved registers first when using 32-bit       \
+         * zero extend relevant registers first when using 32-bit       \
          * addressing in 64-bit mode.                                   \
          */                                                             \
-        if ( mode_64bit() && ad_bytes == 4 )                            \
+        if ( !amd_like(ctxt) && mode_64bit() && ad_bytes == 4 )         \
         {                                                               \
             _regs.r(cx) = 0;                                            \
-            if ( using_si ) _regs.r(si) = _regs.esi;                    \
-            if ( using_di ) _regs.r(di) = _regs.edi;                    \
+            if ( extend_si ) _regs.r(si) = _regs.esi;                   \
+            if ( extend_di ) _regs.r(di) = _regs.edi;                   \
         }                                                               \
         goto complete_insn;                                             \
     }                                                                   \
@@ -4248,7 +4248,7 @@ x86_emulate(
         goto imul;
 
     case 0x6c ... 0x6d: /* ins %dx,%es:%edi */ {
-        unsigned long nr_reps = get_rep_prefix(false, true);
+        unsigned long nr_reps = get_rep_prefix(false, false);
         unsigned int port = _regs.dx;
 
         dst.bytes = !(b & 1) ? 1 : (op_bytes == 8) ? 4 : op_bytes;
@@ -4289,7 +4289,7 @@ x86_emulate(
     }
 
     case 0x6e ... 0x6f: /* outs %esi,%dx */ {
-        unsigned long nr_reps = get_rep_prefix(true, false);
+        unsigned long nr_reps = get_rep_prefix(false, false);
         unsigned int port = _regs.dx;
 
         dst.bytes = !(b & 1) ? 1 : (op_bytes == 8) ? 4 : op_bytes;
@@ -4630,7 +4630,7 @@ x86_emulate(
     case 0xa6 ... 0xa7: /* cmps */ {
         unsigned long next_eip = _regs.r(ip);
 
-        get_rep_prefix(true, true);
+        get_rep_prefix(false, false);
         src.bytes = dst.bytes = (d & ByteOp) ? 1 : op_bytes;
         if ( (rc = read_ulong(ea.mem.seg, truncate_ea(_regs.r(si)),
                               &dst.val, dst.bytes, ctxt, ops)) ||
@@ -4672,7 +4672,7 @@ x86_emulate(
     }
 
     case 0xac ... 0xad: /* lods */
-        get_rep_prefix(true, false);
+        get_rep_prefix(false, false);
         if ( (rc = read_ulong(ea.mem.seg, truncate_ea(_regs.r(si)),
                               &dst.val, dst.bytes, ctxt, ops)) != 0 )
             goto done;
@@ -4683,7 +4683,7 @@ x86_emulate(
     case 0xae ... 0xaf: /* scas */ {
         unsigned long next_eip = _regs.r(ip);
 
-        get_rep_prefix(false, true);
+        get_rep_prefix(false, false);
         if ( (rc = read_ulong(x86_seg_es, truncate_ea(_regs.r(di)),
                               &dst.val, src.bytes, ctxt, ops)) != 0 )
             goto done;

Follow-Ups:
- Re: [PATCH 1/2][4.17] x86emul: further correct 64-bit mode zero count repeated string insn handling
  - From: Andrew Cooper

References:
- [PATCH 0/2][4.17] x86emul: string insn corrections
  - From: Jan Beulich

Prev by Date: [PATCH 0/2][4.17] x86emul: string insn corrections
Next by Date: [PATCH 2/2][4.17] x86emul: pull permission check ahead for REP INS/OUTS
Previous by thread: [PATCH 0/2][4.17] x86emul: string insn corrections
Next by thread: Re: [PATCH 1/2][4.17] x86emul: further correct 64-bit mode zero count repeated string insn handling
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.