* [PATCH] x86emul: fix XOP decode
@ 2016-10-24 12:17 Jan Beulich
2016-10-24 14:40 ` Andrew Cooper
0 siblings, 1 reply; 3+ messages in thread
From: Jan Beulich @ 2016-10-24 12:17 UTC (permalink / raw)
To: xen-devel; +Cc: Andrew Cooper, Wei Liu
[-- Attachment #1: Type: text/plain, Size: 1554 bytes --]
Commit f09902c456 ("x86emul: add XOP decoding") ended up overwriting b
prior to the last use of its previously stored value. SLightly defer
fetching the main opcode byte.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2075,11 +2075,10 @@ x86_decode(
if ( mode_64bit() && !vex.r )
rex_prefix |= REX_R;
- b = insn_fetch_type(uint8_t);
- opcode |= b | MASK_INSR(vex.pfx, X86EMUL_OPC_PFX_MASK);
ext = vex.opcx;
if ( b != 0x8f )
{
+ b = insn_fetch_type(uint8_t);
switch ( ext )
{
case vex_0f:
@@ -2102,6 +2101,7 @@ x86_decode(
else if ( ext < ext_8f08 +
sizeof(xop_table) / sizeof(*xop_table) )
{
+ b = insn_fetch_type(uint8_t);
opcode |= MASK_INSR(0x8f08 + ext - ext_8f08,
X86EMUL_OPC_EXT_MASK);
d = xop_table[ext - ext_8f08];
@@ -2112,6 +2112,8 @@ x86_decode(
goto done;
}
+ opcode |= b | MASK_INSR(vex.pfx, X86EMUL_OPC_PFX_MASK);
+
modrm = insn_fetch_type(uint8_t);
modrm_mod = (modrm & 0xc0) >> 6;
[-- Attachment #2: x86emul-decode-XOP-fix.patch --]
[-- Type: text/plain, Size: 1577 bytes --]
x86emul: fix XOP decode
Commit f09902c456 ("x86emul: add XOP decoding") ended up overwriting b
prior to the last use of its previously stored value. SLightly defer
fetching the main opcode byte.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2075,11 +2075,10 @@ x86_decode(
if ( mode_64bit() && !vex.r )
rex_prefix |= REX_R;
- b = insn_fetch_type(uint8_t);
- opcode |= b | MASK_INSR(vex.pfx, X86EMUL_OPC_PFX_MASK);
ext = vex.opcx;
if ( b != 0x8f )
{
+ b = insn_fetch_type(uint8_t);
switch ( ext )
{
case vex_0f:
@@ -2102,6 +2101,7 @@ x86_decode(
else if ( ext < ext_8f08 +
sizeof(xop_table) / sizeof(*xop_table) )
{
+ b = insn_fetch_type(uint8_t);
opcode |= MASK_INSR(0x8f08 + ext - ext_8f08,
X86EMUL_OPC_EXT_MASK);
d = xop_table[ext - ext_8f08];
@@ -2112,6 +2112,8 @@ x86_decode(
goto done;
}
+ opcode |= b | MASK_INSR(vex.pfx, X86EMUL_OPC_PFX_MASK);
+
modrm = insn_fetch_type(uint8_t);
modrm_mod = (modrm & 0xc0) >> 6;
[-- Attachment #3: Type: text/plain, Size: 127 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] x86emul: fix XOP decode
2016-10-24 12:17 [PATCH] x86emul: fix XOP decode Jan Beulich
@ 2016-10-24 14:40 ` Andrew Cooper
2016-10-24 14:44 ` Wei Liu
0 siblings, 1 reply; 3+ messages in thread
From: Andrew Cooper @ 2016-10-24 14:40 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: Wei Liu
On 24/10/16 13:17, Jan Beulich wrote:
> Commit f09902c456 ("x86emul: add XOP decoding") ended up overwriting b
> prior to the last use of its previously stored value. SLightly defer
> fetching the main opcode byte.
>
> Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] x86emul: fix XOP decode
2016-10-24 14:40 ` Andrew Cooper
@ 2016-10-24 14:44 ` Wei Liu
0 siblings, 0 replies; 3+ messages in thread
From: Wei Liu @ 2016-10-24 14:44 UTC (permalink / raw)
To: Andrew Cooper; +Cc: xen-devel, Wei Liu, Jan Beulich
On Mon, Oct 24, 2016 at 03:40:03PM +0100, Andrew Cooper wrote:
> On 24/10/16 13:17, Jan Beulich wrote:
> > Commit f09902c456 ("x86emul: add XOP decoding") ended up overwriting b
> > prior to the last use of its previously stored value. SLightly defer
> > fetching the main opcode byte.
> >
> > Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
> > Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-10-24 14:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-24 12:17 [PATCH] x86emul: fix XOP decode Jan Beulich
2016-10-24 14:40 ` Andrew Cooper
2016-10-24 14:44 ` Wei Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).