From: Paolo Bonzini
Subject: Re: [PATCH 18/21] KVM: x86: Emulator mis-decodes VEX instructions on real-mode
Date: Sat, 08 Nov 2014 08:25:27 +0100
Message-ID: <545DC567.1080402@redhat.com>
References: <1414922101-17626-1-git-send-email-namit@cs.technion.ac.il> <1414922101-17626-19-git-send-email-namit@cs.technion.ac.il>
In-Reply-To: <1414922101-17626-19-git-send-email-namit@cs.technion.ac.il>
To: Nadav Amit
Cc: kvm@vger.kernel.org, nadav.amit@gmail.com

On 02/11/2014 10:54, Nadav Amit wrote:
> Commit 7fe864dc942c ("KVM: x86: Emulator considers imm as memory operand")
> marked VEX instructions as such in protected mode. VEX-prefix instructions are
> not supported relevant on real-mode and VM86, but should cause #UD instead of
> being decoded as LES/LDS.
>
> Fix this behaviour to be consistent with real hardware.
>
> Signed-off-by: Nadav Amit
> ---
> arch/x86/kvm/emulate.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index db8cb4d6..24b0df7 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -4505,8 +4505,7 @@ done_prefixes: > > /* vex-prefix instructions are not implemented */ > if (ctxt->opcode_len == 1 && (ctxt->b == 0xc5 || ctxt->b == 0xc4) && > - (mode == X86EMUL_MODE_PROT64 || > - (mode >= X86EMUL_MODE_PROT16 && (ctxt->modrm & 0x80)))) { > + (mode == X86EMUL_MODE_PROT64 || (ctxt->modrm & 0x80))) { This should also check for (ctxt->modrm & 0xc0) == 0xc0 instead of just ctxt->modrm & 0x80. Otherwise, installation of Windows XP and 2003 is broken on pre-Westmere system, because they execute LDS in the process of transitioning from 16- to 32-bit protected mode. This was not visible before because at this point CS is already 32-bit; I fixed the patch. Paolo > ctxt->d = NotImpl; > } > >
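Review bot: the new condition `(ctxt->modrm & 0x80)` in the `+` line is too broad: bit 7 alone is set for mod == 10b as well as mod == 11b, and mod == 10b is a valid LES/LDS memory operand form (base plus displacement), so a legitimate LDS/LES with that encoding is now tagged `NotImpl` and emulation fails instead of the instruction being decoded. Outside 64-bit mode the only thing that distinguishes a VEX prefix from LES/LDS is the register-direct form, so the test should be `(ctxt->modrm & 0xc0) == 0xc0`, as Paolo's reply above says he applied when fixing the patch. Two smaller points for the same hunk: the commit message says these bytes "should cause #UD", but the hunk only sets `ctxt->d = NotImpl` (the comment still reads "not implemented"), so either the message or the code's effect should be adjusted to match; and a test exercising a 16-bit-mode LDS with a mod == 10b operand would have caught the regression, which the reply reports as breaking Windows XP and 2003 installation on pre-Westmere systems.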