>>> On 29.09.16 at 21:47, <andrew.coop...@citrix.com> wrote:
> On 28/09/16 09:13, Jan Beulich wrote:
>> @@ -3204,179 +3285,59 @@ static void emulate_gate_op(struct cpu_u
>>          return;
>>      }
>>  
>> -    op_bytes = op_default = ar & _SEGMENT_DB ? 4 : 2;
>> -    ad_default = ad_bytes = op_default;
>> -    opnd_sel = opnd_off = 0;
>> -    jump = -1;
>> -    for ( eip = regs->eip; eip - regs->_eip < 10; )
>> +    ctxt.ctxt.addr_size = ar & _SEGMENT_DB ? 32 : 16;
>> +    /* Leave zero in ctxt.ctxt.sp_size, as it's not needed for decoding. */
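Review bot: the comment on the new sp_size line says the value is not needed for decoding but does not record why a zero stack size is harmless should the emulator ever go past decode; consider expanding it to name the guarantee being relied on (decode-only use via x86_decode_insn(), with the read/write/cmpxchg hooks set to refuse memory access), so that a later change to the decode path does not silently invalidate the assumption. Since the old loop initialised op_bytes/ad_bytes from the same _SEGMENT_DB test, it would also help to state in the commit message that addr_size alone now carries that information for the decoder.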
> 
> Are you sure this is safe?  What if the instruction is substituted under
> our feet?
> 
> Currently, the only issues I can spot would be a load of "& 0" in
> truncate_word() and friends, but my gut feeling is that this is not a
> safe or sensible thing to rely on.

This is safe because (a) x86_decode_insn() won't reach any code
using sp_size and (b) as extra care installs x86emul_unhandleable_rw()
as .read handler (and poisons the .write and .cmpxchg ones).

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel