Diffstat (limited to 'system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch')
-rw-r--r-- | system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch b/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
new file mode 100644
index 0000000000000..cb73a81042e6f
--- /dev/null
+++ b/system/xen/xsa/xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
@@ -0,0 +1,28 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary
+
+The Force Emulation Prefix is named to follow its PV counterpart for cpuid or
+rdtsc, but isn't really an instruction prefix. It behaves as a break-out into
+Xen, with the purpose of emulating the next instruction in the current state.
+
+It is important to be able to test legal situations which occur in real
+hardware, including instruction which cross certain boundaries, and
+instructions starting at 0.
+
+Reported-by: Brian Marcotte <marcotte@panix.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3905,6 +3905,10 @@ void hvm_ud_intercept(struct cpu_user_re
+ {
+ regs->eip += sizeof(sig);
+ regs->eflags &= ~X86_EFLAGS_RF;
++
++ /* Zero the upper 32 bits of %rip if not in long mode. */
++ if ( !(hvm_long_mode_enabled(cur) && cs.attr.fields.l) )
++ regs->eip = regs->_eip;
+ }
+ }
+ |
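Review bot: The new comment `/* Zero the upper 32 bits of %rip if not in long mode. */` understates the condition directly beneath it, which also requires CS.L: with long mode enabled but a 32-bit (compatibility-mode) code segment the truncation still runs, which is the architecturally expected behaviour but not what the comment says. Suggest `/* Truncate %rip to 32 bits unless executing 64-bit code (long mode with CS.L set), so the advance past the prefix above wraps within EIP instead of carrying into bit 32. */`. Note that `cs` and `cur` are neither declared nor loaded within the hunk, so the check depends on the CS register having been fetched earlier in hvm_ud_intercept, which starts before the hunk, and `regs->_eip` is presumably the low-32-bit alias of `eip` in cpu_user_regs, which the hunk does not show. Since this sits in the guest-reachable #UD intercept path, whoever applies the patch should confirm the forced-emulation prefix remains behind its opt-in gate, which is also outside the hunk.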