[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 2/5] x86emul: don't assume a memory operand



>>> On 07.12.16 at 14:05, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 07/12/16 08:22, Jan Beulich wrote:
>>>>> On 06.12.16 at 17:49, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 06/12/16 11:13, Jan Beulich wrote:
>>>> @@ -2359,7 +2360,7 @@ x86_decode(
>>>>          }
>>>>      }
>>>>  
>>>> -    if ( override_seg != -1 && ea.type == OP_MEM )
>>>> +    if ( override_seg != x86_seg_none )
>>>>          ea.mem.seg = override_seg;
>>> Could we get away with asserting ea.type == OP_MEM if override_seg is
>>> set, to help validate our assumptions about state?  (Possibly even
>>> passing #UD back in the non-debug case)
>> That would be wrong - we'd be asserting guest controlled state.
>> There's nothing preventing a segment override to be present on
>> instructions without memory operands.
> 
> True, but such overrides should have no effect on the instruction.

Correct. But we can't ASSERT() anything for that reason.

>> And for example string
>> insns don't have OP_MEM set despite having (implicit) memory
>> operands (after all that's the hole reason for the change here
>> [but not the patch as a hole], as the following PV priv-op patch
> 
> Do you mean whole instead of hole here?

Yes - shame on me, even twice the same mistake.

>> requires the segment override to take effect on OUTS). Nor
>> would such be correct for conditional branches, where some of
>> the segment overrides have a different meaning (necessarily
>> ignored by the emulator).
> 
> The point I am trying to address is that it feels wrong to be
> referencing ea.mem for non OP_MEM types.  I accept that, no longer being
> a union, this use should be safe.
> 
> The string instructions are certainly a spanner in the works, but the
> jump instructions need not care about likely/unlikely prefixes.  They
> were purely advisory to start with, and are ignored on all modern hardware.
> 
> Another spanner in the works is the upcoming meaning of %ds overrides
> for jump instructions as the no-track hint from the forthcoming
> Control-flow Enforcement extensions.
> 
> Given that there can only ever be one active segment override, does it
> need to be stored in ea.mem in the first place, or could it live
> somewhere else which is mem-neutral?

It could, but that wouldn't make ea.mem.seg go away, and it's a
convenient place to put it. Also if we put it elsewhere we'd have
to (a) change all existing uses (including all places structure-
assigning dst or src from ea), and be rather careful with future
changes.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.