From patchwork Thu Dec 25 00:52:18 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nadav Amit <namit@cs.technion.ac.il>
X-Patchwork-Id: 5540741
Return-Path: <kvm-owner@kernel.org>
X-Original-To: patchwork-kvm@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 93677BEEA8
	for <patchwork-kvm@patchwork.kernel.org>;
	Thu, 25 Dec 2014 00:53:24 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id BB647201C7
	for <patchwork-kvm@patchwork.kernel.org>;
	Thu, 25 Dec 2014 00:53:23 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id D89CC2012D
	for <patchwork-kvm@patchwork.kernel.org>;
	Thu, 25 Dec 2014 00:53:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752053AbaLYAxR (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Wed, 24 Dec 2014 19:53:17 -0500
Received: from mailgw10.technion.ac.il ([132.68.225.10]:3417 "EHLO
	mailgw10.technion.ac.il" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751887AbaLYAw6 (ORCPT <rfc822; kvm@vger.kernel.org>);
	Wed, 24 Dec 2014 19:52:58 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 ApUBAJVem1SERCABjGdsb2JhbABchDDMSQKBEBYBAQEBAQEQAQEBJ0KEDQEFJ1IQQBFXGYgsw3mERAEBAQEGAgEfj3IHFoQTBahYgiEfgVJtgkMBAQE
X-IPAS-Result: 
 ApUBAJVem1SERCABjGdsb2JhbABchDDMSQKBEBYBAQEBAQEQAQEBJ0KEDQEFJ1IQQBFXGYgsw3mERAEBAQEGAgEfj3IHFoQTBahYgiEfgVJtgkMBAQE
X-IronPort-AV: E=Sophos;i="5.07,640,1413234000"; d="scan'208";a="3010328"
Received: from csa.cs.technion.ac.il ([132.68.32.1])
	by mailgw10.technion.ac.il with ESMTP; 25 Dec 2014 02:52:53 +0200
Received: from csn.cs.technion.ac.il (csn.cs.technion.ac.il [132.68.32.15])
	by csa.cs.technion.ac.il (Postfix) with ESMTP id 7EE20140042;
	Thu, 25 Dec 2014 02:52:51 +0200 (IST)
Received: from csl-tapuz20.cs.technion.ac.il (csl-tapuz20.cs.technion.ac.il
	[132.68.206.58])
	by csn.cs.technion.ac.il (Postfix) with ESMTPSA id 55060A1CBE;
	Thu, 25 Dec 2014 02:52:51 +0200 (IST)
From: Nadav Amit <namit@cs.technion.ac.il>
To: pbonzini@redhat.com
Cc: kvm@vger.kernel.org, Nadav Amit <namit@cs.technion.ac.il>
Subject: [PATCH 3/8] KVM: x86: fnstcw and fnstsw may cause spurious exception
Date: Thu, 25 Dec 2014 02:52:18 +0200
Message-Id: <1419468743-23732-4-git-send-email-namit@cs.technion.ac.il>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1419468743-23732-1-git-send-email-namit@cs.technion.ac.il>
References: <1419468743-23732-1-git-send-email-namit@cs.technion.ac.il>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Since the operand size of fnstcw and fnstsw is updated during the execution,
the emulation may cause spurious exceptions as it reads the memory beforehand.

Marking these instructions as Mov (since the previous value is ignored) and
DstMem16 to simplify the setting of operand size.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
---
 arch/x86/kvm/emulate.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 702da5e..19923e7 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -86,6 +86,7 @@
 #define DstAcc      (OpAcc << DstShift)
 #define DstDI       (OpDI << DstShift)
 #define DstMem64    (OpMem64 << DstShift)
+#define DstMem16    (OpMem16 << DstShift)
 #define DstImmUByte (OpImmUByte << DstShift)
 #define DstDX       (OpDX << DstShift)
 #define DstAccLo    (OpAccLo << DstShift)
@@ -1059,8 +1060,6 @@ static int em_fnstcw(struct x86_emulate_ctxt *ctxt)
 	asm volatile("fnstcw %0": "+m"(fcw));
 	ctxt->ops->put_fpu(ctxt);
 
-	/* force 2 byte destination */
-	ctxt->dst.bytes = 2;
 	ctxt->dst.val = fcw;
 
 	return X86EMUL_CONTINUE;
@@ -1077,8 +1076,6 @@ static int em_fnstsw(struct x86_emulate_ctxt *ctxt)
 	asm volatile("fnstsw %0": "+m"(fsw));
 	ctxt->ops->put_fpu(ctxt);
 
-	/* force 2 byte destination */
-	ctxt->dst.bytes = 2;
 	ctxt->dst.val = fsw;
 
 	return X86EMUL_CONTINUE;
@@ -3930,7 +3927,7 @@ static const struct gprefix pfx_0f_e7 = {
 };
 
 static const struct escape escape_d9 = { {
-	N, N, N, N, N, N, N, I(DstMem, em_fnstcw),
+	N, N, N, N, N, N, N, I(DstMem16 | Mov, em_fnstcw),
 }, {
 	/* 0xC0 - 0xC7 */
 	N, N, N, N, N, N, N, N,
@@ -3972,7 +3969,7 @@ static const struct escape escape_db = { {
 } };
 
 static const struct escape escape_dd = { {
-	N, N, N, N, N, N, N, I(DstMem, em_fnstsw),
+	N, N, N, N, N, N, N, I(DstMem16 | Mov, em_fnstsw),
 }, {
 	/* 0xC0 - 0xC7 */
 	N, N, N, N, N, N, N, N,