Jan Beulich
2008-Mar-17 16:00 UTC
[Xen-devel] [PATCH] x86: check ModR/M mod bits for CR/DR access insns
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Index: 2008-03-05/xen/arch/x86/traps.c
==================================================================
--- 2008-03-05.orig/xen/arch/x86/traps.c 2008-03-14 11:31:36.000000000 +0100
+++ 2008-03-05/xen/arch/x86/traps.c 2008-03-17 16:31:07.000000000 +0100
@@ -1801,6 +1801,8 @@ static int emulate_privileged_op(struct
 case 0x20: /* MOV CR?,<reg> */
 opcode = insn_fetch(u8, code_base, eip, code_limit);
+ if ( opcode < 0xc0 )
+ goto fail;
 modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
 modrm_rm |= (opcode >> 0) & 7;
 reg = decode_register(modrm_rm, regs, 0);
@@ -1841,6 +1843,8 @@ static int emulate_privileged_op(struct
 case 0x21: /* MOV DR?,<reg> */
 opcode = insn_fetch(u8, code_base, eip, code_limit);
+ if ( opcode < 0xc0 )
+ goto fail;
 modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
 modrm_rm |= (opcode >> 0) & 7;
 reg = decode_register(modrm_rm, regs, 0);
@@ -1851,6 +1855,8 @@ static int emulate_privileged_op(struct
 case 0x22: /* MOV <reg>,CR? */
 opcode = insn_fetch(u8, code_base, eip, code_limit);
+ if ( opcode < 0xc0 )
+ goto fail;
 modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
 modrm_rm |= (opcode >> 0) & 7;
 reg = decode_register(modrm_rm, regs, 0);
@@ -1897,6 +1903,8 @@ static int emulate_privileged_op(struct
 case 0x23: /* MOV <reg>,DR? */
 opcode = insn_fetch(u8, code_base, eip, code_limit);
+ if ( opcode < 0xc0 )
+ goto fail;
 modrm_reg += ((opcode >> 3) & 7) + (lock << 3);
 modrm_rm |= (opcode >> 0) & 7;
 reg = decode_register(modrm_rm, regs, 0);
Index: 2008-03-05/xen/arch/x86/x86_emulate.c
==================================================================
--- 2008-03-05.orig/xen/arch/x86/x86_emulate.c 2008-03-05 17:55:11.000000000 +0100
+++ 2008-03-05/xen/arch/x86/x86_emulate.c 2008-03-17 16:36:27.000000000 +0100
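Review bot: The bare `0xc0` in the added `if ( opcode < 0xc0 )` encodes "ModR/M mod field != 3 (memory-operand form)", but nothing in the hunk says so, and the identical two lines are repeated in the 0x20, 0x21, 0x22 and 0x23 cases; a one-line comment at the first instance, e.g. `/* mod != 3 (memory form) is not a valid CR/DR move; reject before decoding rm as a register */`, or a small shared check after the common `insn_fetch`, would make the intent clear and keep the four cases from drifting. The `fail` label is outside the hunk, so I cannot see what it produces; if it ends in #GP, that differs from the x86_emulate.c hunk below, which raises #UD for the same encoding, and the difference deserves a comment or alignment. The enclosing `emulate_privileged_op` body starts and ends outside these hunks.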
@@ -3220,6 +3220,7 @@ x86_emulate(
 case 0x22: /* mov reg,cr */
 case 0x23: /* mov reg,dr */
 generate_exception_if(!mode_ring0(), EXC_GP, 0);
+ generate_exception_if(modrm_mod != 3, EXC_UD, -1);
 modrm_rm |= (rex_prefix & 1) << 3;
 modrm_reg |= lock_prefix << 3;
 if ( b & 2 )
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
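Review bot: The new `generate_exception_if(modrm_mod != 3, EXC_UD, -1);` runs only after the `!mode_ring0()` #GP check, so a guest at CPL > 0 executing the memory-form encoding is reported #GP rather than #UD; if the intent is to mirror the CPU, where an invalid encoding is generally rejected before the privilege check, the two `generate_exception_if` lines should be swapped — hedged, since the rest of the decode path and how `-1` is treated as an error code are outside the hunk. A short comment on the added line, e.g. `/* CR/DR moves are register-form only (ModR/M mod == 3). */`, would also document why this differs from the `goto fail` used for the same condition in the traps.c hunks above. The enclosing `x86_emulate` body continues on both sides of the hunk.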