[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] x86emul: properly refuse LOCK on most 0FC7 insns

To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 22 Sep 2017 03:02:50 -0600
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Fri, 22 Sep 2017 09:03:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

When adding support for RDRAND/RDSEED/RDPID I didn't remember to also
update this special early check. Make it (hopefully) future-proof by
also refusing VEX-encodings.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3087,7 +3087,9 @@ x86_emulate(
          * The only implicit-operands instructions allowed a LOCK prefix are
          * CMPXCHG{8,16}B (MOV CRn is being handled elsewhere).
          */
-        generate_exception_if(lock_prefix && (ext != ext_0f || b != 0xc7),
+        generate_exception_if(lock_prefix &&
+                              (vex.opcx || ext != ext_0f || b != 0xc7 ||
+                               (modrm_reg & 7) != 1 || ea.type != OP_MEM),
                               EXC_UD);
         dst.type = OP_NONE;
         break;




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86emul: properly refuse LOCK on most 0FC7 insns
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] pci-passthrough loses msi-x interrupts ability after domain destroy
Next by Date: [Xen-devel] [PATCH] x86: avoid #GP for PV guest MSR accesses
Previous by thread: [Xen-devel] [distros-debian-jessie test] 72137: tolerable trouble: blocked/broken/fail/pass
Next by thread: Re: [Xen-devel] [PATCH] x86emul: properly refuse LOCK on most 0FC7 insns
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.