- Upstream or pending upstream patches from Jan 25587-fix-off-by-one-parsing-error.patch 25616-x86-MCi_CTL-default.patch 25617-vtd-qinval-addr.patch 25688-x86-nr_irqs_gsi.patch - bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m teardown host DoS vulnerability CVE-2012-3433-xsa11.patch - bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO emulation DoS 25682-x86-inconsistent-io-state.patch - bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service 25589-pygrub-size-limits.patch - Make it build with latest TeXLive 2012 with new package layout OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=196
# HG changeset patch
|
|
# User Jan Beulich <jbeulich@suse.com>
|
|
# Date 1322725849 -3600
|
|
# Node ID 76ea126f21724b72c120aff59460f7bbe9e6960d
|
|
# Parent 07cf778d517fdf661a34027af653a489489bf222
|
|
x86/emulator: properly handle lzcnt and tzcnt
|
|
|
|
These instructions are prefix selected flavors of bsf and bsr
|
|
respectively, and hence the presence of the F3 prefix must be handled
|
|
in the emulation code in order to avoid running into problems on newer
|
|
CPUs.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
|
|
Index: xen-4.1.3-testing/xen/arch/x86/x86_emulate/x86_emulate.c
|
|
===================================================================
|
|
--- xen-4.1.3-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c
|
|
+++ xen-4.1.3-testing/xen/arch/x86/x86_emulate/x86_emulate.c
|
|
@@ -990,6 +990,9 @@ static bool_t vcpu_has(
|
|
return rc == X86EMUL_OKAY;
|
|
}
|
|
|
|
+#define vcpu_has_lzcnt() vcpu_has(0x80000001, ECX, 5, ctxt, ops)
|
|
+#define vcpu_has_bmi1() vcpu_has(0x00000007, EBX, 3, ctxt, ops)
|
|
+
|
|
#define vcpu_must_have(leaf, reg, bit) \
|
|
generate_exception_if(!vcpu_has(leaf, reg, bit, ctxt, ops), EXC_UD, -1)
|
|
#define vcpu_must_have_sse2() vcpu_must_have(0x00000001, EDX, 26)
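Review bot: The new `vcpu_has_bmi1()` macro queries CPUID leaf 7, which is sub-leaf indexed, and whether `vcpu_has()` zeroes ECX before calling the `cpuid` hook cannot be checked from this hunk, since the function's body starts above it; BMI1 is reported only in sub-leaf 0, so a non-zero ECX would make the check silently fail and turn every F3-prefixed bsf into a plain bsf. A short comment on the macro would document that dependency for whoever later reworks `vcpu_has()`: `/* Leaf 7 is sub-leaf indexed: relies on vcpu_has() asking for sub-leaf 0. */`. It would also be worth stating, like the surrounding `vcpu_must_have*` macros already imply, that both new macros capture `ctxt` and `ops` from the enclosing scope.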
|
|
@@ -4117,13 +4120,24 @@ x86_emulate(
|
|
dst.val = (uint8_t)src.val;
|
|
break;
|
|
|
|
- case 0xbc: /* bsf */ {
|
|
- int zf;
|
|
+ case 0xbc: /* bsf or tzcnt */ {
|
|
+ bool_t zf;
|
|
asm ( "bsf %2,%0; setz %b1"
|
|
: "=r" (dst.val), "=q" (zf)
|
|
- : "r" (src.val), "1" (0) );
|
|
+ : "r" (src.val) );
|
|
_regs.eflags &= ~EFLG_ZF;
|
|
- if ( zf )
|
|
+ if ( (rep_prefix == REPE_PREFIX) && vcpu_has_bmi1() )
|
|
+ {
|
|
+ _regs.eflags &= ~EFLG_CF;
|
|
+ if ( zf )
|
|
+ {
|
|
+ _regs.eflags |= EFLG_CF;
|
|
+ dst.val = op_bytes * 8;
|
|
+ }
|
|
+ else if ( !dst.val )
|
|
+ _regs.eflags |= EFLG_ZF;
|
|
+ }
|
|
+ else if ( zf )
|
|
{
|
|
_regs.eflags |= EFLG_ZF;
|
|
dst.type = OP_NONE;
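Review bot: The branch on `(rep_prefix == REPE_PREFIX) && vcpu_has_bmi1()` deserves a comment, because its fall-through is deliberate and not obvious: when the guest's CPUID does not advertise BMI1 the F3 prefix is silently ignored and the instruction is emulated as plain bsf, which presumably mirrors what pre-BMI1 hardware does with the prefix but reads like a missed `#UD` to a maintainer. I would add above the `if`: `/* F3-prefixed bsf is tzcnt only if the vCPU has BMI1; otherwise the prefix is ignored, as on hardware without the feature. */`. The tzcnt flag handling itself looks right for the visible cases (CF set and result equal to the operand width for a zero source, ZF from a zero result otherwise); note that this `case` block and the enclosing `x86_emulate()` continue outside the hunk.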
|
|
@@ -4131,13 +4145,28 @@ x86_emulate(
|
|
break;
|
|
}
|
|
|
|
- case 0xbd: /* bsr */ {
|
|
- int zf;
|
|
+ case 0xbd: /* bsr or lzcnt */ {
|
|
+ bool_t zf;
|
|
asm ( "bsr %2,%0; setz %b1"
|
|
: "=r" (dst.val), "=q" (zf)
|
|
- : "r" (src.val), "1" (0) );
|
|
+ : "r" (src.val) );
|
|
_regs.eflags &= ~EFLG_ZF;
|
|
- if ( zf )
|
|
+ if ( (rep_prefix == REPE_PREFIX) && vcpu_has_lzcnt() )
|
|
+ {
|
|
+ _regs.eflags &= ~EFLG_CF;
|
|
+ if ( zf )
|
|
+ {
|
|
+ _regs.eflags |= EFLG_CF;
|
|
+ dst.val = op_bytes * 8;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ dst.val = op_bytes * 8 - 1 - dst.val;
|
|
+ if ( !dst.val )
|
|
+ _regs.eflags |= EFLG_ZF;
|
|
+ }
|
|
+ }
|
|
+ else if ( zf )
|
|
{
|
|
_regs.eflags |= EFLG_ZF;
|
|
dst.type = OP_NONE;
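Review bot: The expression `dst.val = op_bytes * 8 - 1 - dst.val;` converts the bsr bit index into a leading-zero count and is the only non-trivial arithmetic in the hunk, yet it carries no comment; the ZF test that follows is then set exactly when the operand's top bit is set, which is also not spelled out. I would annotate it as `/* lzcnt = (operand width - 1) - index of highest set bit; ZF iff the top bit is set. */`. As in the tzcnt case the feature check intentionally falls back to plain bsr when LZCNT is not advertised, which merits the same one-line comment here; the enclosing `case` and `x86_emulate()` continue past the end of the hunk.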
|