[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.6] x86/32on64: misc adjustments to call gate emulation

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Wed, 07 Sep 2016 15:44:33 +0000
Delivery-date: Wed, 07 Sep 2016 15:44:36 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 40592ed5717c772eb4e4757f4a8792fac6cfa361
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Sep 6 11:51:05 2016 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Sep 6 11:51:05 2016 +0200

    x86/32on64: misc adjustments to call gate emulation
    
    - There's no 32-bit displacement in 16-bit addressing mode.
    - It is wrong to ASSERT() anything on parts of an instruction fetched
      from guest memory.
    - The two scaling bits of a SIB byte don't affect whether there is a
      scaled index register or not.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: ee1cc4bfdca84d526805c4c72302c026f5e9cd94
    master date: 2016-09-01 15:23:46 +0200
---
 xen/arch/x86/traps.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index c6231b5..16d979d 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2968,7 +2968,7 @@ static void emulate_gate_op(struct cpu_user_regs *regs)
                             sib = insn_fetch(u8, base, eip, limit);
 
                             modrm = (modrm & ~7) | (sib & 7);
-                            if ( (sib >>= 3) != 4 )
+                            if ( ((sib >>= 3) & 7) != 4 )
                                 opnd_off = *(unsigned long *)
                                     decode_register(sib & 7, regs, 0);
                             opnd_off <<= sib >> 3;
@@ -3028,7 +3028,10 @@ static void emulate_gate_op(struct cpu_user_regs *regs)
                         opnd_off += insn_fetch(s8, base, eip, limit);
                         break;
                     case 0x80:
-                        opnd_off += insn_fetch(s32, base, eip, limit);
+                        if ( ad_bytes > 2 )
+                            opnd_off += insn_fetch(s32, base, eip, limit);
+                        else
+                            opnd_off += insn_fetch(s16, base, eip, limit);
                         break;
                     }
                     if ( ad_bytes == 4 )
@@ -3065,8 +3068,7 @@ static void emulate_gate_op(struct cpu_user_regs *regs)
 #define ad_default ad_bytes
     opnd_sel = insn_fetch(u16, base, opnd_off, limit);
 #undef ad_default
-    ASSERT((opnd_sel & ~3) == regs->error_code);
-    if ( dpl < (opnd_sel & 3) )
+    if ( (opnd_sel & ~3) != regs->error_code || dpl < (opnd_sel & 3) )
     {
         do_guest_trap(TRAP_gp_fault, regs, 1);
         return;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

Prev by Date: [Xen-changelog] [xen stable-4.6] xen: Remove buggy initial placement algorithm
Next by Date: [Xen-changelog] [xen stable-4.6] credit1: fix a race when picking initial pCPU for a vCPU
Previous by thread: [Xen-changelog] [xen stable-4.6] xen: Remove buggy initial placement algorithm
Next by thread: [Xen-changelog] [xen stable-4.6] credit1: fix a race when picking initial pCPU for a vCPU
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.