| author | Peter Maydell <peter.maydell@linaro.org> | 2017-03-27 17:34:50 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2017-03-27 17:34:50 +0100 |
| commit | eb06c9e2d3c8f026a206e8402b0ffa201060ec8e (patch) | |
| tree | a85e2ad6fe3d61e7e3665be8574543e9e1913fdb /target | |
| parent | 9366f53d509ae31bf7acb33e2eb7804e16fe70d4 (diff) | |
| parent | bed58b4443b001227b953dca80ce76fa76ea0fc1 (diff) | |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* MTTCG fix for win32
* virtio-scsi assertion failure
* mem-prealloc coverity fix
* x86 migration revert which requires more thought
* x86 instruction limit (avoids >2 page translation blocks)
* nbd dead code cleanup
* small memory.c logic fix
# gpg: Signature made Mon 27 Mar 2017 17:03:04 BST
# gpg: using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
scsi-generic: Fill in opt_xfer_len in INQUIRY reply if it is zero
Revert "apic: save apic_delivered flag"
nbd: drop unused NBDClientSession.is_unix field
win32: replace custom mutex and condition variable with native primitives
mem-prealloc: fix sysconf(_SC_NPROCESSORS_ONLN) failure case.
tcg/i386: Check the size of instruction being translated
virtio-scsi: Fix acquire/release in dataplane handlers
virtio-scsi: Make virtio_scsi_acquire/release public
clear pending status before calling memory commit
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target')
| -rw-r--r-- | target/i386/translate.c | 7 |
|---|---|---|

1 files changed, 7 insertions, 0 deletions
diff --git a/target/i386/translate.c b/target/i386/translate.c index 72c1b03a2a..1d1372fb43 100644 --- a/target/i386/translate.c +++ b/target/i386/translate.c @@ -4418,6 +4418,13 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, s->vex_l = 0; s->vex_v = 0; next_byte: + /* x86 has an upper limit of 15 bytes for an instruction. Since we + * do not want to decode and generate IR for an illegal + * instruction, the following check limits the instruction size to + * 25 bytes: 14 prefix + 1 opc + 6 (modrm+sib+ofs) + 4 imm */ + if (s->pc - pc_start > 14) { + goto illegal_op; + } b = cpu_ldub_code(env, s->pc); s->pc++; /* Collect prefixes. */ |
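Review bot: the new comment at next_byte opens with the architectural 15-byte limit, but the check it documents (`if (s->pc - pc_start > 14)`) is evaluated before each opcode fetch and therefore only bounds the run of prefix bytes; nothing in this hunk caps the total instruction length at 15, and the comment's own arithmetic arrives at a 25-byte ceiling. Suggest rewording the comment so the first sentence states the actual intent, namely a deliberately loose bound that stops the translator from consuming prefix bytes indefinitely and keeps a translation block from spanning more than two pages (the reason given in the merge description above), rather than an implementation of the 15-byte rule. The bare `14` would also read better as a named constant or an expression derived from the 15-byte limit, so that the relation between the check and the comment is visible at the check site; and since the failure path is `goto illegal_op`, a short note that an over-long prefix sequence is rejected as an illegal opcode, matching how real hardware treats instructions that exceed the architectural length, would make the chosen behaviour explicit for later readers.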