[PATCH] x86: emulate lea with two register operands correctly

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] x86: emulate lea with two register operands correctly
@ 2012-01-05 15:03 David Vrabel
  2012-01-05 15:49 ` Keir Fraser
  0 siblings, 1 reply; 5+ messages in thread
From: David Vrabel @ 2012-01-05 15:03 UTC (permalink / raw)
  To: xen-devel; +Cc: David Vrabel

An lea instruction with two register operands should raise an
undefined instruction exception.

Skype does such a instruction and will crash when starting if it does
not get the exception.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>

diff -r efaa28639a71 -r e25b7798f13b xen/arch/x86/x86_emulate/x86_emulate.c
--- a/xen/arch/x86/x86_emulate/x86_emulate.c	Wed Jan 04 16:12:44 2012 +0000
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c	Thu Jan 05 14:58:56 2012 +0000
@@ -2240,6 +2240,7 @@ x86_emulate(
     }
 
     case 0x8d: /* lea */
+        generate_exception_if(modrm_mod == 3, EXC_UD, -1);
         dst.val = ea.mem.off;
         break;

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86: emulate lea with two register operands correctly
  2012-01-05 15:03 [PATCH] x86: emulate lea with two register operands correctly David Vrabel
@ 2012-01-05 15:49 ` Keir Fraser
  2012-01-05 16:06   ` Tim Deegan
  2012-01-05 16:17   ` David Vrabel
  0 siblings, 2 replies; 5+ messages in thread
From: Keir Fraser @ 2012-01-05 15:49 UTC (permalink / raw)
  To: David Vrabel, xen-devel

On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:

> An lea instruction with two register operands should raise an
> undefined instruction exception.
> 
> Skype does such a instruction and will crash when starting if it does
> not get the exception.

Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
that change before committing this patch. It's now in xen-unstable staging.

It's a bit concerning that we're emulating LEA at all, perhaps. I wonder if
a pagetable page has been reused as a code page and we didn't notice yet? Or
is there some other reason that skype is getting emulated? :-)

 -- Keir

> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
> 
> diff -r efaa28639a71 -r e25b7798f13b xen/arch/x86/x86_emulate/x86_emulate.c
> --- a/xen/arch/x86/x86_emulate/x86_emulate.c Wed Jan 04 16:12:44 2012 +0000
> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c Thu Jan 05 14:58:56 2012 +0000
> @@ -2240,6 +2240,7 @@ x86_emulate(
>      }
>  
>      case 0x8d: /* lea */
> +        generate_exception_if(modrm_mod == 3, EXC_UD, -1);
>          dst.val = ea.mem.off;
>          break;
>  
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86: emulate lea with two register operands correctly
  2012-01-05 15:49 ` Keir Fraser
@ 2012-01-05 16:06   ` Tim Deegan
  2012-01-05 19:03     ` Keir Fraser
  2012-01-05 16:17   ` David Vrabel
  1 sibling, 1 reply; 5+ messages in thread
From: Tim Deegan @ 2012-01-05 16:06 UTC (permalink / raw)
  To: Keir Fraser; +Cc: xen-devel, David Vrabel

At 15:49 +0000 on 05 Jan (1325778595), Keir Fraser wrote:
> On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:
> 
> > An lea instruction with two register operands should raise an
> > undefined instruction exception.
> > 
> > Skype does such a instruction and will crash when starting if it does
> > not get the exception.
> 
> Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
> that change before committing this patch. It's now in xen-unstable staging.
> 
> It's a bit concerning that we're emulating LEA at all, perhaps. I wonder if
> a pagetable page has been reused as a code page and we didn't notice yet? Or
> is there some other reason that skype is getting emulated? :-)

#UD exceptions in HVM are passed to the emulator (IIRC as part of the
cross-vendor migration patches, so SYSENTER & friends could be managed).

Tim.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86: emulate lea with two register operands correctly
  2012-01-05 16:06   ` Tim Deegan
@ 2012-01-05 19:03     ` Keir Fraser
  0 siblings, 0 replies; 5+ messages in thread
From: Keir Fraser @ 2012-01-05 19:03 UTC (permalink / raw)
  To: Tim Deegan; +Cc: xen-devel, David Vrabel

On 05/01/2012 16:06, "Tim Deegan" <tim@xen.org> wrote:

> At 15:49 +0000 on 05 Jan (1325778595), Keir Fraser wrote:
>> On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:
>> 
>>> An lea instruction with two register operands should raise an
>>> undefined instruction exception.
>>> 
>>> Skype does such a instruction and will crash when starting if it does
>>> not get the exception.
>> 
>> Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
>> that change before committing this patch. It's now in xen-unstable staging.
>> 
>> It's a bit concerning that we're emulating LEA at all, perhaps. I wonder if
>> a pagetable page has been reused as a code page and we didn't notice yet? Or
>> is there some other reason that skype is getting emulated? :-)
> 
> #UD exceptions in HVM are passed to the emulator (IIRC as part of the
> cross-vendor migration patches, so SYSENTER & friends could be managed).

Duh, good point.

 -- Keir

> Tim.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86: emulate lea with two register operands correctly
  2012-01-05 15:49 ` Keir Fraser
  2012-01-05 16:06   ` Tim Deegan
@ 2012-01-05 16:17   ` David Vrabel
  1 sibling, 0 replies; 5+ messages in thread
From: David Vrabel @ 2012-01-05 16:17 UTC (permalink / raw)
  To: Keir Fraser; +Cc: xen-devel@lists.xensource.com

On 05/01/12 15:49, Keir Fraser wrote:
> On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:
> 
>> An lea instruction with two register operands should raise an
>> undefined instruction exception.
>>
>> Skype does such a instruction and will crash when starting if it does
>> not get the exception.
> 
> Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
> that change before committing this patch. It's now in xen-unstable staging.

That works for me, thanks.

I also think this patch should be a 4.1 candidate.

David

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2012-01-05 19:03 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-05 15:03 [PATCH] x86: emulate lea with two register operands correctly David Vrabel
2012-01-05 15:49 ` Keir Fraser
2012-01-05 16:06   ` Tim Deegan
2012-01-05 19:03     ` Keir Fraser
2012-01-05 16:17   ` David Vrabel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).