diff options
author | Laurent Vivier <Laurent.Vivier@bull.net> | 2007-09-25 07:36:40 -0400 |
---|---|---|
committer | Avi Kivity <avi@qumranet.com> | 2008-01-30 10:52:49 -0500 |
commit | b4c6abfef400c0f74d9b86a149a6719706cfdbbc (patch) | |
tree | f524e25db195f40aa70b7abf9f87ccabf137354b | |
parent | a22436b7b8ec9b14a0451d9ac0fdc9d370bd7800 (diff) |
KVM: x86 emulator: Any legacy prefix after a REX prefix nullifies its effect
This patch modifies the management of REX prefix according behavior
I saw in Xen 3.1. In Xen, this modification has been introduced by
Jan Beulich.
http://lists.xensource.com/archives/html/xen-changelog/2007-01/msg00081.html
Signed-off-by: Laurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: Avi Kivity <avi@qumranet.com>
-rw-r--r-- | drivers/kvm/x86_emulate.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/drivers/kvm/x86_emulate.c b/drivers/kvm/x86_emulate.c index 0afe660aec4..e294d840957 100644 --- a/drivers/kvm/x86_emulate.c +++ b/drivers/kvm/x86_emulate.c | |||
@@ -521,7 +521,6 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) | |||
521 | { | 521 | { |
522 | struct decode_cache *c = &ctxt->decode; | 522 | struct decode_cache *c = &ctxt->decode; |
523 | u8 sib, rex_prefix = 0; | 523 | u8 sib, rex_prefix = 0; |
524 | unsigned int i; | ||
525 | int rc = 0; | 524 | int rc = 0; |
526 | int mode = ctxt->mode; | 525 | int mode = ctxt->mode; |
527 | int index_reg = 0, base_reg = 0, scale, rip_relative = 0; | 526 | int index_reg = 0, base_reg = 0, scale, rip_relative = 0; |
@@ -551,7 +550,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) | |||
551 | } | 550 | } |
552 | 551 | ||
553 | /* Legacy prefixes. */ | 552 | /* Legacy prefixes. */ |
554 | for (i = 0; i < 8; i++) { | 553 | for (;;) { |
555 | switch (c->b = insn_fetch(u8, 1, c->eip)) { | 554 | switch (c->b = insn_fetch(u8, 1, c->eip)) { |
556 | case 0x66: /* operand-size override */ | 555 | case 0x66: /* operand-size override */ |
557 | c->op_bytes ^= 6; /* switch between 2/4 bytes */ | 556 | c->op_bytes ^= 6; /* switch between 2/4 bytes */ |
@@ -582,6 +581,11 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) | |||
582 | case 0x36: /* SS override */ | 581 | case 0x36: /* SS override */ |
583 | c->override_base = &ctxt->ss_base; | 582 | c->override_base = &ctxt->ss_base; |
584 | break; | 583 | break; |
584 | case 0x40 ... 0x4f: /* REX */ | ||
585 | if (mode != X86EMUL_MODE_PROT64) | ||
586 | goto done_prefixes; | ||
587 | rex_prefix = c->b; | ||
588 | continue; | ||
585 | case 0xf0: /* LOCK */ | 589 | case 0xf0: /* LOCK */ |
586 | c->lock_prefix = 1; | 590 | c->lock_prefix = 1; |
587 | break; | 591 | break; |
@@ -592,19 +596,21 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) | |||
592 | default: | 596 | default: |
593 | goto done_prefixes; | 597 | goto done_prefixes; |
594 | } | 598 | } |
599 | |||
600 | /* Any legacy prefix after a REX prefix nullifies its effect. */ | ||
601 | |||
602 | rex_prefix = 0; | ||
595 | } | 603 | } |
596 | 604 | ||
597 | done_prefixes: | 605 | done_prefixes: |
598 | 606 | ||
599 | /* REX prefix. */ | 607 | /* REX prefix. */ |
600 | if ((mode == X86EMUL_MODE_PROT64) && ((c->b & 0xf0) == 0x40)) { | 608 | if (rex_prefix) { |
601 | rex_prefix = c->b; | 609 | if (rex_prefix & 8) |
602 | if (c->b & 8) | ||
603 | c->op_bytes = 8; /* REX.W */ | 610 | c->op_bytes = 8; /* REX.W */ |
604 | c->modrm_reg = (c->b & 4) << 1; /* REX.R */ | 611 | c->modrm_reg = (rex_prefix & 4) << 1; /* REX.R */ |
605 | index_reg = (c->b & 2) << 2; /* REX.X */ | 612 | index_reg = (rex_prefix & 2) << 2; /* REX.X */ |
606 | c->modrm_rm = base_reg = (c->b & 1) << 3; /* REG.B */ | 613 | c->modrm_rm = base_reg = (rex_prefix & 1) << 3; /* REG.B */ |
607 | c->b = insn_fetch(u8, 1, c->eip); | ||
608 | } | 614 | } |
609 | 615 | ||
610 | /* Opcode byte(s). */ | 616 | /* Opcode byte(s). */ |