Re: [Xen-devel] [PATCH v2 12/13] fuzz/x86_emulate: Set and fuzz more CPU state
On 10/06/2017 12:56 PM, Jan Beulich wrote: >>>> On 25.09.17 at 16:26, <george.dunlap@xxxxxxxxxx> wrote: >> @@ -597,6 +599,47 @@ static const struct x86_emulate_ops all_fuzzer_ops = { >> }; >> #undef SET >> >> +static void _set_fpu_state(char *fxsave, bool store) >> +{ >> + if ( cpu_has_fxsr ) >> + { >> + static union __attribute__((__aligned__(16))) { >> + char x[464]; >> + struct { >> + uint32_t other[6]; >> + uint32_t mxcsr; >> + uint32_t mxcsr_mask; >> + /* ... */ >> + }; >> + } *fxs; >> + >> + fxs = (typeof(fxs)) fxsave; >> + >> + if ( store ) { >> + char null[512] __attribute__((aligned(16))) = { 0 }; >> + asm volatile(" fxrstor %0; "::"m"(*null)); >> + asm volatile(" fxrstor %0; "::"m"(*fxsave)); >> + } >> + >> + asm volatile( "fxsave %0" : "=m" (*fxs) ); >> + >> + if ( fxs->mxcsr_mask ) >> + mxcsr_mask = fxs->mxcsr_mask; >> + else >> + mxcsr_mask = 0x000ffbf; > > Actually - why is this necessary? I.e. why isn't emul_test_init() > setting mxcsr_mask sufficient? This is me not understanding what's going on. I've removed this bit, and modified this function to do the 'sanitation' -- to mask off mxcsr before doing the fxrstor (and removed the change from "sanitize_input"). -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
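Review bot: In _set_fpu_state, the `fxrstor %0` of `*fxsave` in the `store` branch executes before mxcsr_mask is derived from the fxsave that follows it, so a fuzzer-supplied MXCSR with reserved bits set reaches fxrstor unmasked; the mask has to be known and applied before the restore, which is what moving the masking into this function (as the reply describes) gives you, and the trailing `if ( fxs->mxcsr_mask ) ... else mxcsr_mask = 0x000ffbf;` block can then go, as Jan suggests, since emul_test_init() already sets it. Separately, the operands `"m"(*null)` and `"m"(*fxsave)` name a single char, so the compiler is told about only one byte of each 512-byte image; passing the whole array (`"m"(null)`, or `*(char (*)[512])fxsave`) or adding a `"memory"` clobber would state the real dependency, and the `store` parameter name reads oddly for a path that performs a restore, so a name such as `restore` would be clearer.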