aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--arch/x86/kernel/entry_32.S3
-rw-r--r--arch/x86/xen/xen-asm.S22
2 files changed, 10 insertions, 15 deletions
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 5d80d53eaff8..209c334bb920 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -1042,8 +1042,7 @@ ENTRY(xen_hypervisor_callback)
1042 cmpl $xen_iret_end_crit,%eax 1042 cmpl $xen_iret_end_crit,%eax
1043 jae 1f 1043 jae 1f
1044 1044
1045 call xen_iret_crit_fixup 1045 jmp xen_iret_crit_fixup
1046 jmp 2f
1047 1046
10481: cmpl $xen_sysexit_start_crit,%eax 10471: cmpl $xen_sysexit_start_crit,%eax
1049 jb 2f 1048 jb 2f
diff --git a/arch/x86/xen/xen-asm.S b/arch/x86/xen/xen-asm.S
index 1ac08082a4b4..53cae923e148 100644
--- a/arch/x86/xen/xen-asm.S
+++ b/arch/x86/xen/xen-asm.S
@@ -223,9 +223,7 @@ hyper_iret:
223 ds } SAVE_ALL state 223 ds } SAVE_ALL state
224 eax } 224 eax }
225 : : 225 : :
226 ebx } 226 ebx }<- esp
227 ----------------
228 return addr <- esp
229 ---------------- 227 ----------------
230 228
231 In order to deliver the nested exception properly, we need to shift 229 In order to deliver the nested exception properly, we need to shift
@@ -240,10 +238,8 @@ hyper_iret:
240 it's usermode state which we eventually need to restore. 238 it's usermode state which we eventually need to restore.
241 */ 239 */
242ENTRY(xen_iret_crit_fixup) 240ENTRY(xen_iret_crit_fixup)
243 /* offsets +4 for return address */
244
245 /* 241 /*
246 Paranoia: Make sure we're really coming from userspace. 242 Paranoia: Make sure we're really coming from kernel space.
247 One could imagine a case where userspace jumps into the 243 One could imagine a case where userspace jumps into the
248 critical range address, but just before the CPU delivers a GP, 244 critical range address, but just before the CPU delivers a GP,
249 it decides to deliver an interrupt instead. Unlikely? 245 it decides to deliver an interrupt instead. Unlikely?
@@ -252,32 +248,32 @@ ENTRY(xen_iret_crit_fixup)
252 jump instruction itself, not the destination, but some virtual 248 jump instruction itself, not the destination, but some virtual
253 environments get this wrong. 249 environments get this wrong.
254 */ 250 */
255 movl PT_CS+4(%esp), %ecx 251 movl PT_CS(%esp), %ecx
256 andl $SEGMENT_RPL_MASK, %ecx 252 andl $SEGMENT_RPL_MASK, %ecx
257 cmpl $USER_RPL, %ecx 253 cmpl $USER_RPL, %ecx
258 je 2f 254 je 2f
259 255
260 lea PT_ORIG_EAX+4(%esp), %esi 256 lea PT_ORIG_EAX(%esp), %esi
261 lea PT_EFLAGS+4(%esp), %edi 257 lea PT_EFLAGS(%esp), %edi
262 258
263 /* If eip is before iret_restore_end then stack 259 /* If eip is before iret_restore_end then stack
264 hasn't been restored yet. */ 260 hasn't been restored yet. */
265 cmp $iret_restore_end, %eax 261 cmp $iret_restore_end, %eax
266 jae 1f 262 jae 1f
267 263
268 movl 0+4(%edi),%eax /* copy EAX */ 264 movl 0+4(%edi),%eax /* copy EAX (just above top of frame) */
269 movl %eax, PT_EAX+4(%esp) 265 movl %eax, PT_EAX(%esp)
270 266
271 lea ESP_OFFSET(%edi),%edi /* move dest up over saved regs */ 267 lea ESP_OFFSET(%edi),%edi /* move dest up over saved regs */
272 268
273 /* set up the copy */ 269 /* set up the copy */
2741: std 2701: std
275 mov $(PT_EIP+4) / 4, %ecx /* copy ret+saved regs up to orig_eax */ 271 mov $PT_EIP / 4, %ecx /* saved regs up to orig_eax */
276 rep movsl 272 rep movsl
277 cld 273 cld
278 274
279 lea 4(%edi),%esp /* point esp to new frame */ 275 lea 4(%edi),%esp /* point esp to new frame */
2802: ret 2762: jmp xen_do_upcall
281 277
282 278
283ENTRY(xen_sysexit) 279ENTRY(xen_sysexit)