From patchwork Sun Nov 2 09:54:47 2014
X-Patchwork-Submitter: Nadav Amit
X-Patchwork-Id: 5211431
From: Nadav Amit
To: pbonzini@redhat.com
Cc: kvm@vger.kernel.org, nadav.amit@gmail.com, Nadav Amit
Subject: [PATCH 07/21] KVM: x86: Emulator considers imm as memory operand
Date: Sun, 2 Nov 2014 11:54:47 +0200
Message-Id: <1414922101-17626-8-git-send-email-namit@cs.technion.ac.il>
In-Reply-To: <1414922101-17626-1-git-send-email-namit@cs.technion.ac.il>
References: <1414922101-17626-1-git-send-email-namit@cs.technion.ac.il>
X-Mailing-List: kvm@vger.kernel.org

The emulator mistakenly considers some of the immediate operands as memory operands, performs a memory read and uses the wrong data. By default, every operand is marked as OP_MEM, so if it is not changed, a memory read may be wrongly emulated and the wrong value would be used. Consider for instance the ROR instruction - src2 (the number of times) would be read from memory instead of being used as an immediate. Mark every immediate operand as such to avoid this problem.

Signed-off-by: Nadav Amit
---
 arch/x86/kvm/emulate.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index f456783..e624d62 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -4269,6 +4269,7 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op, fetch_register_operand(op); break; case OpCL: + op->type = OP_IMM; op->bytes = 1; op->val = reg_read(ctxt, VCPU_REGS_RCX) & 0xff; break; @@ -4276,6 +4277,7 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op, rc = decode_imm(ctxt, op, 1, true); break; case OpOne: + op->type = OP_IMM; op->bytes = 1; op->val = 1; break; 
@@ -4334,21 +4336,27 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op, ctxt->memop.bytes = ctxt->op_bytes + 2; goto mem_common; case OpES: + op->type = OP_IMM; op->val = VCPU_SREG_ES; break; case OpCS: + op->type = OP_IMM; op->val = VCPU_SREG_CS; break; case OpSS: + op->type = OP_IMM; op->val = VCPU_SREG_SS; break; case OpDS: + op->type = OP_IMM; op->val = VCPU_SREG_DS; break; case OpFS: + op->type = OP_IMM; op->val = VCPU_SREG_FS; break; case OpGS: + op->type = OP_IMM; op->val = VCPU_SREG_GS; break; case OpImplicit:
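Review bot: in the OpCL hunk (first hunk, around line 4269) the operand is tagged OP_IMM although its value is a copy of CL taken from RCX at decode time (`op->val = reg_read(ctxt, VCPU_REGS_RCX) & 0xff;`). That is the intended fix, but a one-line comment saying the count is deliberately a read-only snapshot of CL, not a register operand, would stop a later reader from "correcting" it to a register type and changing its semantics.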
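Review bot: the OpOne hunk (second hunk, around line 4277) fixes one instance of the general hazard the commit message describes: with OP_MEM as the default, any case in decode_operand() that fills op->val without also setting op->type silently turns into a guest memory read. Rather than relying on every such case remembering the assignment, consider initialising op->type to a value that cannot reach the memory access path (or checking for it before the read) so the next omission fails loudly instead of using wrong data.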
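Review bot: in the OpES through OpGS hunk (third hunk, around line 4336) the six cases now set `op->type = OP_IMM;` but, unlike the OpCL and OpOne cases in the earlier hunks, do not set op->bytes; if any consumer of an OP_IMM operand consults op->bytes, these selector operands will rely on whatever decode_operand() leaves there by default. Either set op->bytes explicitly for consistency with the other immediate cases or note in a comment that the VCPU_SREG_* index is consumed without it. The six identical bodies could also collapse into a single case that derives the VCPU_SREG_* value from the operand kind, which would make a missed op->type assignment impossible for this group in future.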