>>> On 29.09.16 at 21:47, <andrew.coop...@citrix.com> wrote:
> On 28/09/16 09:13, Jan Beulich wrote:
>> @@ -3204,179 +3285,59 @@ static void emulate_gate_op(struct cpu_u
>> return;
>> }
>>
>> - op_bytes = op_default = ar & _SEGMENT_DB ? 4 : 2;
>> - ad_default = ad_bytes = op_default;
>> - opnd_sel = opnd_off = 0;
>> - jump = -1;
>> - for ( eip = regs->eip; eip - regs->_eip < 10; )
>> + ctxt.ctxt.addr_size = ar & _SEGMENT_DB ? 32 : 16;
>> + /* Leave zero in ctxt.ctxt.sp_size, as it's not needed for decoding. */
>
> Are you sure this is safe? What if the instruction is substituted under
> our feet?
>
> Currently, the only issues I can spot would be a load of "& 0" in
> truncate_word() and friends, but my gut feeling is that this is not a
> safe or sensible thing to rely on.
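Review bot: the comment on the added `ctxt.ctxt.sp_size` line says the field is not needed for decoding but not what enforces that; since the same hunk drops the explicit fetch bound `for ( eip = regs->eip; eip - regs->_eip < 10; )` together with the op_bytes/ad_bytes defaults, the invariant is no longer visible in emulate_gate_op() itself. Suggest extending the comment to name the decode-only entry point and the read handler that bounds instruction fetches, so a later reader can verify the assumption from the code rather than from the list discussion.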
This is safe because (a) x86_decode_insn() won't reach any code using sp_size and (b) as extra care installs x86emul_unhandleable_rw() as .read handler (and poisons the .write and .cmpxchg ones).

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel