* [PATCH 0/2] x86emul: recent XSA follow-up
@ 2016-11-22 14:09 Jan Beulich
From: Jan Beulich @ 2016-11-22 14:09 UTC (permalink / raw)
To: xen-devel; +Cc: George Dunlap, Andrew Cooper, Wei Liu
These aren't outright bug fixes, so aren't strictly candidates for 4.8,
but I think they're still worthwhile to consider.
1: simplify DstBitBase handling code
2: in_longmode() should not ignore ->read_msr() errors
Signed-off-by: Jan Beulich <jbeulich@suse.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
* [PATCH 1/2] x86emul: simplify DstBitBase handling code
From: Jan Beulich @ 2016-11-22 14:20 UTC (permalink / raw)
To: xen-devel; +Cc: George Dunlap, Andrew Cooper, Wei Liu
..., at once making it more obvious that even in the negative bit
offset case the resulting bit offset to be used by the inlined
instructions will always be constrained to the operand size of the
original instruction.
Also add a test case which would have failed without the XSA-195 fix.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/tools/tests/x86_emulator/test_x86_emulator.c
+++ b/tools/tests/x86_emulator/test_x86_emulator.c
@@ -431,6 +431,22 @@ int main(int argc, char **argv)
goto fail;
printf("okay\n");
+#ifdef __x86_64__
+ printf("%-40s", "Testing btcq %r8,(%r11)...");
+ instr[0] = 0x4d; instr[1] = 0x0f; instr[2] = 0xbb; instr[3] = 0x03;
+ regs.eflags = 0x200;
+ regs.rip = (unsigned long)&instr[0];
+ regs.r8 = (-1L << 40) + 1;
+ regs.r11 = (unsigned long)(res + (1L << 35));
+ rc = x86_emulate(&ctxt, &emulops);
+ if ( (rc != X86EMUL_OKAY) ||
+ (*res != 0x2233445C) ||
+ (regs.eflags != 0x201) ||
+ (regs.rip != (unsigned long)&instr[4]) )
+ goto fail;
+ printf("okay\n");
+#endif
+
res[0] = 0x12345678;
res[1] = 0x87654321;
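Review bot: `regs.r8 = (-1L << 40) + 1;` left-shifts a negative signed value, which is undefined behaviour in C (and flagged by -fsanitize=undefined); `(~0UL << 40) + 1` or `1 - (1L << 40)` yields the same 0xffffff0000000001 bit offset without relying on the compiler. The base `res + (1L << 35)` likewise forms a pointer far outside `res` that only works because the emulator subtracts exactly (1L << 35) * sizeof(*res) == 1L << 37 bytes for this offset and a 4-byte `*res`; a one-line comment stating that the negative offset is meant to bring the access back to `res` itself (bit 1, hence 0x2233445C and CF set) would save the next reader the arithmetic and make the dependency on sizeof(*res) explicit.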
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2560,18 +2560,11 @@ x86_emulate(
else if ( op_bytes == 4 )
src.val = (int32_t)src.val;
if ( (long)src.val < 0 )
- {
- unsigned long byte_offset =
+ ea.mem.off -=
op_bytes + (((-src.val - 1) >> 3) & ~(op_bytes - 1L));
-
- ea.mem.off -= byte_offset;
- src.val = (byte_offset << 3) + src.val;
- }
else
- {
ea.mem.off += (src.val >> 3) & ~(op_bytes - 1L);
- src.val &= (op_bytes << 3) - 1;
- }
+ src.val &= (op_bytes << 3) - 1;
}
/* Becomes a normal DstMem operation from here on. */
d = (d & ~DstMask) | DstMem;
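Review bot: hoisting `src.val &= (op_bytes << 3) - 1;` out of both branches is only equivalent to the removed `src.val = (byte_offset << 3) + src.val;` followed by the mask because `byte_offset` is always a multiple of `op_bytes` (the `& ~(op_bytes - 1L)` plus the `op_bytes +` term), so `byte_offset << 3` never touches the low bits the mask keeps. That invariant is what the commit message alludes to but nothing in the code states it; a short comment above `if ( (long)src.val < 0 )` saying the displacement is operand-aligned and therefore the in-operand bit is simply the low log2(op_bytes * 8) bits of the (sign-extended) offset would stop a later change to the alignment from silently breaking the mask.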
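The DstBitBase normalisation the hunk above rewrites, lifted into a stand-alone C program as an added example (this is not Xen code and not part of the thread) so the arithmetic can be checked against a plain floor-division oracle for all three operand sizes, including the exact values the new test case feeds in. Two assumptions: the 16-bit sign extension mirrors the 32-bit case the hunk shows, and the test's `res` is an array of 32-bit values (the hunk compares `*res` with 0x2233445C), so `res + (1L << 35)` is 1L << 37 bytes past `res`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not Xen code: the bit-offset normalisation from the
 * x86_emulate.c hunk, as a function returning the byte displacement to
 * apply to the effective address and the bit within the operand.
 */
struct bt_addr {
    long byte_off;      /* displacement applied to ea.mem.off */
    unsigned long bit;  /* bit within the op_bytes operand, < 8 * op_bytes */
};

/* Emulator formulation; val is the raw source register, like src.val. */
struct bt_addr bt_normalize(unsigned long val, unsigned int op_bytes)
{
    struct bt_addr r;

    if ( op_bytes == 2 )
        val = (int16_t)val;   /* assumed; the hunk only shows the 4-byte case */
    else if ( op_bytes == 4 )
        val = (int32_t)val;

    if ( (long)val < 0 )
        r.byte_off = -(long)(op_bytes + (((-val - 1) >> 3) & ~(op_bytes - 1UL)));
    else
        r.byte_off = (long)((val >> 3) & ~(op_bytes - 1UL));

    r.bit = val & ((op_bytes << 3) - 1);
    return r;
}

/* Oracle: floor(bit / width) * op_bytes and bit mod width, width = 8 * op_bytes. */
struct bt_addr bt_reference(long bit, unsigned int op_bytes)
{
    long w = (long)op_bytes * 8;
    long q = bit / w, rem = bit % w;   /* C truncates toward zero */
    struct bt_addr r;

    if ( rem < 0 )
    {
        rem += w;
        q -= 1;
    }
    r.byte_off = q * (long)op_bytes;
    r.bit = (unsigned long)rem;
    return r;
}

/* Sign-extend a raw register value to the operand size, as the emulator does. */
long bt_sext(unsigned long raw, unsigned int op_bytes)
{
    if ( op_bytes == 2 )
        return (int16_t)raw;
    if ( op_bytes == 4 )
        return (int32_t)raw;
    return (long)raw;
}

/* 1 if the emulator formulation agrees with the oracle for this input. */
int bt_agrees(unsigned long raw, unsigned int op_bytes)
{
    struct bt_addr a = bt_normalize(raw, op_bytes);
    struct bt_addr b = bt_reference(bt_sext(raw, op_bytes), op_bytes);

    return a.byte_off == b.byte_off && a.bit == b.bit;
}

/* Sweep constructed edge cases for 16/32/64-bit operands; returns mismatches. */
int bt_sweep(void)
{
    static const unsigned long raw[] = {
        0, 1, 7, 8, 15, 16, 31, 32, 63, 64, 65,
        0x7fff, 0x8000, 0xffff,                 /* 16-bit extremes */
        0x7fffffff, 0x80000000, 0xffffffff,     /* 32-bit extremes */
        (unsigned long)LONG_MAX, (unsigned long)LONG_MIN,
        -1UL, -63UL, -64UL, -65UL,
        (~0UL << 40) + 1,                       /* the new test's %r8 */
    };
    static const unsigned int sizes[] = { 2, 4, 8 };
    int bad = 0;
    unsigned int i, j;

    for ( i = 0; i < sizeof(raw) / sizeof(raw[0]); i++ )
        for ( j = 0; j < sizeof(sizes) / sizeof(sizes[0]); j++ )
            bad += !bt_agrees(raw[i], sizes[j]);
    return bad;
}

/* The new test case: btcq with bit offset -(1 << 40) + 1 against a base
 * 1 << 37 bytes past res must land on res itself, bit 1. */
int bt_xsa195_case(void)
{
    struct bt_addr a = bt_normalize((~0UL << 40) + 1, 8);
    long base_off = (1L << 35) * (long)sizeof(uint32_t);  /* res + (1L << 35) */

    return base_off + a.byte_off == 0 && a.bit == 1;
}

int main(void)
{
    printf("sweep mismatches: %d\n", bt_sweep());
    printf("test case lands on res, bit 1: %s\n", bt_xsa195_case() ? "yes" : "no");
    return 0;
}
```

The oracle deliberately uses signed division and corrects the remainder by hand rather than the emulator's mask-and-shift idiom, so the two implementations share no code; a mismatch in the sweep would point at exactly the kind of wrong-address bug the test case guards against.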
* [PATCH 2/2] x86emul: in_longmode() should not ignore ->read_msr() errors
From: Jan Beulich @ 2016-11-22 14:20 UTC (permalink / raw)
To: xen-devel; +Cc: George Dunlap, Andrew Cooper, Wei Liu
Suggested-by: George Dunlap <george.dunlap@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -1296,10 +1296,10 @@ in_longmode(
{
uint64_t efer;
- if (ops->read_msr == NULL)
+ if ( !ops->read_msr ||
+ unlikely(ops->read_msr(MSR_EFER, &efer, ctxt) != X86EMUL_OKAY) )
return -1;
- ops->read_msr(MSR_EFER, &efer, ctxt);
return !!(efer & EFER_LMA);
}
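Review bot: `return -1;` now also covers a failing `ops->read_msr()`, and -1 is truthy, so any caller written as `if ( in_longmode(ctxt, ops) )` rather than `== 1` or `> 0` will treat an MSR read failure as "in long mode", which is the opposite of failing safe. Either confirm every call site compares against 1/-1 explicitly, or return the X86EMUL_* rc from `read_msr` so the caller can fail the emulation the way other hook failures do; at minimum a comment on the function saying -1 means "unknown, not false" would prevent the next caller from getting this wrong.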
* Re: [PATCH 1/2] x86emul: simplify DstBitBase handling code
From: Andrew Cooper @ 2016-11-22 14:23 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: George Dunlap, Wei Liu
On 22/11/16 14:20, Jan Beulich wrote:
> ..., at once making it more obvious that even in the negative bit
> offset case the resulting bit offset to be used by the inlined
> instructions will always be constrained to the operand size of the
> original instruction.
>
> Also add a test case which would have failed without the XSA-195 fix.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
* Re: [PATCH 2/2] x86emul: in_longmode() should not ignore ->read_msr() errors
From: Andrew Cooper @ 2016-11-22 14:25 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: George Dunlap, Wei Liu
On 22/11/16 14:20, Jan Beulich wrote:
> Suggested-by: George Dunlap <george.dunlap@citrix.com>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Possibly worth noting in the commit message that the current
implementation of this hook when present never fails with MSR_EFER?
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
> --- a/xen/arch/x86/x86_emulate/x86_emulate.c
> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c
> @@ -1296,10 +1296,10 @@ in_longmode(
> {
> uint64_t efer;
>
> - if (ops->read_msr == NULL)
> + if ( !ops->read_msr ||
> + unlikely(ops->read_msr(MSR_EFER, &efer, ctxt) != X86EMUL_OKAY) )
> return -1;
>
> - ops->read_msr(MSR_EFER, &efer, ctxt);
> return !!(efer & EFER_LMA);
> }
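Review bot: the rc from `ops->read_msr()` is compared against X86EMUL_OKAY and then discarded, so a hook that reports a non-OKAY result is flattened to -1 with no way for the caller to act on the specific failure. If, as noted above, the existing hook never fails for MSR_EFER, a comment beside the `unlikely()` saying so would make the simplification visibly deliberate; otherwise propagate the rc rather than collapsing it.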
* Re: [PATCH 0/2] x86emul: recent XSA follow-up
From: Wei Liu @ 2016-11-23 14:14 UTC (permalink / raw)
To: Jan Beulich; +Cc: George Dunlap, xen-devel, Wei Liu, Andrew Cooper
On Tue, Nov 22, 2016 at 07:09:04AM -0700, Jan Beulich wrote:
> These aren't outright bug fixes, so aren't strictly candidates for 4.8,
> but I think they're still worthwhile to consider.
>
> 1: simplify DstBitBase handling code
> 2: in_longmode() should not ignore ->read_msr() errors
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>