From patchwork Fri Oct 28 16:21:23 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Beulich <JBeulich@suse.com>
X-Patchwork-Id: 9402267
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	8076E601C0 for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri, 28 Oct 2016 16:23:46 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 71E282A8A1
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri, 28 Oct 2016 16:23:46 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 652172A8A8; Fri, 28 Oct 2016 16:23:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D9E682A8A1
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri, 28 Oct 2016 16:23:45 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1c09uK-0000K7-6Z; Fri, 28 Oct 2016 16:21:28 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <JBeulich@suse.com>) id 1c09uJ-0000K1-Mb
	for xen-devel@lists.xenproject.org; Fri, 28 Oct 2016 16:21:27 +0000
Received: from [85.158.143.35] by server-6.bemta-6.messagelabs.com id
	88/1E-12520-70B73185; Fri, 28 Oct 2016 16:21:27 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrCIsWRWlGSWpSXmKPExsXS6fjDS5etWjj
	CYHKPhMX3LZOZHBg9Dn+4whLAGMWamZeUX5HAmnH06knWgqcKFRMeLWBtYNwh3sXIySEkkCdx
	qWsvG4jNK2An8fF5FzuILSFgKPH0/XWwOIuAqsS7lk5WEJtNQF2i7dl2IJuDQ0TAQOLc0aQuR
	i4OZoGFjBJ/f89iBqkRFrCVWHDiIzNIDa+AoMTfHcIgJjPQ+JvbkiYwcs1CSMxCSMwCamUW0J
	J4+OsWC4StLbFs4WtmiBJpieX/OCDC9hKtZ3ezoyoBsb0krk1dwrqAkWMVo0ZxalFZapGuoal
	eUlFmekZJbmJmjq6hgZlebmpxcWJ6ak5iUrFecn7uJkZg6DEAwQ7Gb8sCDjFKcjApifJ+CBeO
	EOJLyk+pzEgszogvKs1JLT7EKMPBoSTBW1AJlBMsSk1PrUjLzAFGAUxagoNHSYTXECTNW1yQm
	FucmQ6ROsWoKCXOuxkkIQCSyCjNg2uDRd4lRlkpYV5GoEOEeApSi3IzS1DlXzGKczAqCfPuAZ
	nCk5lXAjf9FdBiJqDF09MFQBaXJCKkpBoYeRgvPPCrmunBGfLJIeRG9/8Z3I+4tWv21NgfnvX
	s4LQV8xJy+hqZjuxtPll2cePEW4Xy0R22S6rnTK+55zq/7926RcEHWit1+5+b2y3kvX9QdNar
	Eyu3fdZsUrY8bmn+mf1cRdzOqgrnWPMnJm2bAniv3+taaMxXJpMr1sszLXHx5dT7vVy3lFiKM
	xINtZiLihMBXVTqqLcCAAA=
X-Env-Sender: JBeulich@suse.com
X-Msg-Ref: server-6.tower-21.messagelabs.com!1477671683!18022942!1
X-Originating-IP: [137.65.248.74]
X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG
X-StarScan-Received: 
X-StarScan-Version: 9.0.13; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 27638 invoked from network); 28 Oct 2016 16:21:26 -0000
Received: from prv-mh.provo.novell.com (HELO prv-mh.provo.novell.com)
	(137.65.248.74)
	by server-6.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 28 Oct 2016 16:21:26 -0000
Received: from INET-PRV-MTA by prv-mh.provo.novell.com
	with Novell_GroupWise; Fri, 28 Oct 2016 10:21:22 -0600
Message-Id: <58139723020000780011AA89@prv-mh.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 14.2.1 
Date: Fri, 28 Oct 2016 10:21:23 -0600
From: "Jan Beulich" <JBeulich@suse.com>
To: "xen-devel" <xen-devel@lists.xenproject.org>
Mime-Version: 1.0
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Kevin Tian <kevin.tian@intel.com>, Wei Liu <wei.liu2@citrix.com>,
	Jun Nakajima <jun.nakajima@intel.com>
Subject: [Xen-devel] [PATCH v2] VMX: fix realmode emulation SReg handling
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Commit 0888d36bb2 ("x86/emul: Correct the decoding of SReg3 operands")
overlooked three places where x86_seg_cs was assumed to be zero.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
---
v2: Add BUILD_BUG_ON() and use ARRAY_SIZE(reg) as loop bound.
VMX: fix realmode emulation SReg handling

Commit 0888d36bb2 ("x86/emul: Correct the decoding of SReg3 operands")
overlooked three places where x86_seg_cs was assumed to be zero.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
---
v2: Add BUILD_BUG_ON() and use ARRAY_SIZE(reg) as loop bound.

--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1496,21 +1496,23 @@ static void vmx_update_guest_cr(struct v
             enum x86_segment s; 
             struct segment_register reg[x86_seg_tr + 1];
 
+            BUILD_BUG_ON(x86_seg_tr != x86_seg_gs + 1);
+
             /* Entering or leaving real mode: adjust the segment registers.
              * Need to read them all either way, as realmode reads can update
              * the saved values we'll use when returning to prot mode. */
-            for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ )
+            for ( s = 0; s < ARRAY_SIZE(reg); s++ )
                 vmx_get_segment_register(v, s, &reg[s]);
             v->arch.hvm_vmx.vmx_realmode = realmode;
             
             if ( realmode )
             {
-                for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ )
+                for ( s = 0; s < ARRAY_SIZE(reg); s++ )
                     vmx_set_segment_register(v, s, &reg[s]);
             }
             else 
             {
-                for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ ) 
+                for ( s = 0; s < ARRAY_SIZE(reg); s++ )
                     if ( !(v->arch.hvm_vmx.vm86_segment_mask & (1<<s)) )
                         vmx_set_segment_register(
                             v, s, &v->arch.hvm_vmx.vm86_saved_seg[s]);

--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1496,21 +1496,23 @@ static void vmx_update_guest_cr(struct v
             enum x86_segment s; 
             struct segment_register reg[x86_seg_tr + 1];
 
+            BUILD_BUG_ON(x86_seg_tr != x86_seg_gs + 1);
+
             /* Entering or leaving real mode: adjust the segment registers.
              * Need to read them all either way, as realmode reads can update
              * the saved values we'll use when returning to prot mode. */
-            for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ )
+            for ( s = 0; s < ARRAY_SIZE(reg); s++ )
                 vmx_get_segment_register(v, s, &reg[s]);
             v->arch.hvm_vmx.vmx_realmode = realmode;
             
             if ( realmode )
             {
-                for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ )
+                for ( s = 0; s < ARRAY_SIZE(reg); s++ )
                     vmx_set_segment_register(v, s, &reg[s]);
             }
             else 
             {
-                for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ ) 
+                for ( s = 0; s < ARRAY_SIZE(reg); s++ )
                     if ( !(v->arch.hvm_vmx.vm86_segment_mask & (1<<s)) )
                         vmx_set_segment_register(
                             v, s, &v->arch.hvm_vmx.vm86_saved_seg[s]);