From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ben Guthro <bguthro@virtualiron.com>
Subject: [PATCH]
Date: Tue, 08 Jan 2008 13:09:20 -0500
Message-ID: <4783BC50.5050407@virtualiron.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------020304070704010204070908"
Return-path: <xen-devel-bounces@lists.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel <xen-devel@lists.xensource.com>
Cc: Gary Grebus <ggrebus@virtualiron.com>
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.
--------------020304070704010204070908
Content-Type: multipart/alternative;
	boundary="------------050408010602040208080104"


--------------050408010602040208080104
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

We feel this should be considered for 3.2 - apologies for the late submission.


Fix x86_emulate() handling of imul with immediate operands.

This fixes a repeatable crash in RHEL 4.2 ext2 filesystem during boot.

Signed-off-by: Gary Grebus <ggrebus@virtualiron.com>
Signed-off-by: Ben Guthro <bguthro@virtualiron.com>


--------------050408010602040208080104
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="arial">
<pre><font><font face="arial"><pre>We feel this should be considered for 3.2 - apologies for the late submission.</pre></font></font>
Fix x86_emulate() handling of imul with immediate operands.

This fixes a repeatable crash in RHEL 4.2 ext2 filesystem during boot.

Signed-off-by: Gary Grebus <a class="moz-txt-link-rfc2396E" href="mailto:ggrebus@virtualiron.com">&lt;ggrebus@virtualiron.com&gt;</a>
Signed-off-by: Ben Guthro <a class="moz-txt-link-rfc2396E" href="mailto:bguthro@virtualiron.com">&lt;bguthro@virtualiron.com&gt;</a>
</pre>
</font>
</body>
</html>

--------------050408010602040208080104--

--------------020304070704010204070908
Content-Type: text/x-patch;
 name="xen-emulate-imul.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="xen-emulate-imul.patch"

diff -r c3f713613c42 xen/arch/x86/x86_emulate.c
--- a/xen/arch/x86/x86_emulate.c	Thu Jan 03 07:38:32 2008 -0500
+++ b/xen/arch/x86/x86_emulate.c	Thu Jan 03 07:38:32 2008 -0500
@@ -103,8 +103,8 @@ static uint8_t opcode_table[256] = {
     ImplicitOps, ImplicitOps, DstReg|SrcMem|ModRM, DstReg|SrcMem16|ModRM|Mov,
     0, 0, 0, 0,
     /* 0x68 - 0x6F */
-    ImplicitOps|Mov, DstMem|SrcImm|ModRM|Mov,
-    ImplicitOps|Mov, DstMem|SrcImmByte|ModRM|Mov,
+    ImplicitOps|Mov, DstReg|SrcImm|ModRM|Mov,
+    ImplicitOps|Mov, DstReg|SrcImmByte|ModRM|Mov,
     ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
     /* 0x70 - 0x77 */
     ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
@@ -1331,34 +1331,37 @@ x86_emulate(
 
     case 0x69: /* imul imm16/32 */
     case 0x6b: /* imul imm8 */ {
-        unsigned long reg = *(long *)decode_register(modrm_reg, &_regs, 0);
+        unsigned long src1;        /* ModR/M and imm are both source operands */
+	if (ea.type == OP_REG)
+            src1 = *ea.reg;
+        else if ( (rc = ops->read(ea.mem.seg, ea.mem.off,
+                                  &src1, op_bytes, ctxt)) )
+            goto done;
         _regs.eflags &= ~(EFLG_OF|EFLG_CF);
         switch ( dst.bytes )
         {
         case 2:
             dst.val = ((uint32_t)(int16_t)src.val *
-                       (uint32_t)(int16_t)reg);
+                       (uint32_t)(int16_t)src1);
             if ( (int16_t)dst.val != (uint32_t)dst.val )
                 _regs.eflags |= EFLG_OF|EFLG_CF;
             break;
 #ifdef __x86_64__
         case 4:
             dst.val = ((uint64_t)(int32_t)src.val *
-                       (uint64_t)(int32_t)reg);
+                       (uint64_t)(int32_t)src1);
             if ( (int32_t)dst.val != dst.val )
                 _regs.eflags |= EFLG_OF|EFLG_CF;
             break;
 #endif
         default: {
-            unsigned long m[2] = { src.val, reg };
+            unsigned long m[2] = { src.val, src1 };
             if ( imul_dbl(m) )
                 _regs.eflags |= EFLG_OF|EFLG_CF;
             dst.val = m[0];
             break;
         }
         }
-        dst.type = OP_REG;
-        dst.reg  = decode_register(modrm_reg, &_regs, 0);
         break;
     }
 

--------------020304070704010204070908
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

--------------020304070704010204070908--