Xen project Mailing List

[PATCH 2/2][4.17] x86emul: pull permission check ahead for REP INS/OUTS

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 6 Oct 2022 15:11:56 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/YV479IgiGvaTL6Y7CPDE6Fb2IX1fXKLM+JWhWgYffg=; b=Xl+krlR7HBjNTPlQjXBIU3FopNH72PSGpyq8TOdUBFlkA8sTZuRCERw3TzjIRm05xZOXOnyujxkvneGJHVjcR+5hzUGjXCOcMaYr6/+EWztNnUP1kBb3TipDxuBBoO7RXiM+TgHrtKZLFr9M1Jo8cT4+jmyn8FgTEYgGRthF5JijZnNhemAT28CXAI7ysBsqTYhMbVmrr3wtzqp++71TTmzMqcdXAnujjzU1wKHWA54f7rDmNbdfZUuzt2JSlbhiurQSqqAaDECbC2ni0wcBvas0vmRp2/afYRHPYST3m4tRlD47Y+Sq1NwkF4anrM4DO6ugFlZS5p1Att3kjD7Rsg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LNQ41SdZCEqKKSxinuUaOVllmAx7i/VNm42Jxx1O8f6i0nX4hZiQWAF6WiSEMmMMYItctoEWGmFWkAxcuAhpDA3QSJ9uGLjEDFJEePxAprXqQB1lWh4u5AlFO/t1Gmn8/DacU8U9xQpIJru2b6Ia1TKGWIihF/ifo1mtARfwvfS4RKNedyKvhTOEPYmReJOgf/JVEotacOruiPTaaRIlLRSKhcOTChNZEtdAX+BHWgcBAe7D6ZwFu+StFrfr7NLUeof5TkClHXVyEr5tk7A+/7doIAmzyl+xiwylZlCr46TrIckLyY+UaPPc2Nq/oI3k/dvImRcJywv5vxXGkcnTKw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>

Delivery-date: Thu, 06 Oct 2022 13:12:01 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Based on observations on a fair range of hardware from both primary vendors even zero-iteration-count instances of these insns perform the port related permission checking first. Fixes: fe300600464c ("x86: Fix emulation of REP prefix") Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- Partly RFC for this not being documented anywhere; inquiry pending. The referenced commit is still not really the one, but before it REP handling was so broken that I didn't want to go hunt further. --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -4248,14 +4248,15 @@ x86_emulate( goto imul; case 0x6c ... 0x6d: /* ins %dx,%es:%edi */ { - unsigned long nr_reps = get_rep_prefix(false, false); + unsigned long nr_reps; unsigned int port = _regs.dx; dst.bytes = !(b & 1) ? 1 : (op_bytes == 8) ? 4 : op_bytes; - dst.mem.seg = x86_seg_es; - dst.mem.off = truncate_ea_and_reps(_regs.r(di), nr_reps, dst.bytes); if ( (rc = ioport_access_check(port, dst.bytes, ctxt, ops)) != 0 ) goto done; + nr_reps = get_rep_prefix(false, false); + dst.mem.off = truncate_ea_and_reps(_regs.r(di), nr_reps, dst.bytes); + dst.mem.seg = x86_seg_es; /* Try the presumably most efficient approach first. */ if ( !ops->rep_ins ) nr_reps = 1; @@ -4289,13 +4290,14 @@ x86_emulate( } case 0x6e ... 0x6f: /* outs %esi,%dx */ { - unsigned long nr_reps = get_rep_prefix(false, false); + unsigned long nr_reps; unsigned int port = _regs.dx; dst.bytes = !(b & 1) ? 1 : (op_bytes == 8) ? 4 : op_bytes; - ea.mem.off = truncate_ea_and_reps(_regs.r(si), nr_reps, dst.bytes); if ( (rc = ioport_access_check(port, dst.bytes, ctxt, ops)) != 0 ) goto done; + nr_reps = get_rep_prefix(false, false); + ea.mem.off = truncate_ea_and_reps(_regs.r(si), nr_reps, dst.bytes); /* Try the presumably most efficient approach first. */ if ( !ops->rep_outs ) nr_reps = 1;

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.