path: root/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
Diffstat (limited to 'system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch')
-rw-r--r--  system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch  28
1 files changed, 28 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch b/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
new file mode 100644
index 0000000000000..cb73a81042e6f
--- /dev/null
+++ b/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
@@ -0,0 +1,28 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary
+
+The Force Emulation Prefix is named to follow its PV counterpart for cpuid or
+rdtsc, but isn't really an instruction prefix. It behaves as a break-out into
+Xen, with the purpose of emulating the next instruction in the current state.
+
+It is important to be able to test legal situations which occur in real
+hardware, including instruction which cross certain boundaries, and
+instructions starting at 0.
+
+Reported-by: Brian Marcotte <marcotte@panix.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3905,6 +3905,10 @@ void hvm_ud_intercept(struct cpu_user_re
+ {
+ regs->eip += sizeof(sig);
+ regs->eflags &= ~X86_EFLAGS_RF;
++
++ /* Zero the upper 32 bits of %rip if not in long mode. */
++ if ( !(hvm_long_mode_enabled(cur) && cs.attr.fields.l) )
++ regs->eip = regs->_eip;
+ }
+ }
+
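Review bot: The comment `/* Zero the upper 32 bits of %rip if not in long mode. */` is narrower than the condition it describes: `!(hvm_long_mode_enabled(cur) && cs.attr.fields.l)` is also true in compatibility mode (long mode enabled, CS.L clear), where %rip is likewise 32-bit, so the comment should read "if not in 64-bit mode". Separately, `cs` is neither declared nor loaded in the visible context; the hunk depends on it being the guest's current %cs read earlier in hvm_ud_intercept(), so the review should confirm that segment is fetched at the point where the emulated instruction executes rather than a stale copy, since a wrong CS.L here would either fail to truncate the wrapped `regs->eip += sizeof(sig)` or truncate a genuine 64-bit %rip.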