David Vrabel
2012-Jan-05 15:03 UTC
[PATCH] x86: emulate lea with two register operands correctly
An lea instruction with two register operands should raise an undefined instruction exception.

Skype does such an instruction and will crash when starting if it does not get the exception.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>

diff -r efaa28639a71 -r e25b7798f13b xen/arch/x86/x86_emulate/x86_emulate.c --- a/xen/arch/x86/x86_emulate/x86_emulate.c Wed Jan 04 16:12:44 2012 +0000 +++ b/xen/arch/x86/x86_emulate/x86_emulate.c Thu Jan 05 14:58:56 2012 +0000 @@ -2240,6 +2240,7 @@ x86_emulate( } case 0x8d: /* lea */ + generate_exception_if(modrm_mod == 3, EXC_UD, -1); dst.val = ea.mem.off; break;
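Review bot: the `modrm_mod == 3` condition in the new `generate_exception_if` line is correct for the register-direct encoding, but it re-derives a classification the operand decoder has already made; `generate_exception_if(ea.type != OP_MEM, EXC_UD, -1)` states the intent (lea requires a memory operand) directly and does not depend on how the ModRM field was read. A short comment on that line saying that the register form of lea is #UD would also help, since the existing `/* lea */` label does not explain why the case now faults.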
Keir Fraser
2012-Jan-05 15:49 UTC
Re: [PATCH] x86: emulate lea with two register operands correctly
On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:

> An lea instruction with two register operands should raise an
> undefined instruction exception.
>
> Skype does such an instruction and will crash when starting if it does
> not get the exception.

Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made that change before committing this patch. It's now in xen-unstable staging.

It's a bit concerning that we're emulating LEA at all, perhaps. I wonder if a pagetable page has been reused as a code page and we didn't notice yet? Or is there some other reason that skype is getting emulated? :-)

-- Keir

> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
>
> diff -r efaa28639a71 -r e25b7798f13b xen/arch/x86/x86_emulate/x86_emulate.c > --- a/xen/arch/x86/x86_emulate/x86_emulate.c Wed Jan 04 16:12:44 2012 +0000 > +++ b/xen/arch/x86/x86_emulate/x86_emulate.c Thu Jan 05 14:58:56 2012 +0000 > @@ -2240,6 +2240,7 @@ x86_emulate( > } > > case 0x8d: /* lea */ > + generate_exception_if(modrm_mod == 3, EXC_UD, -1); > dst.val = ea.mem.off; > break;
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
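As an added example (not Xen's code and not from this thread), the following C model shows what the two checks discussed above agree on: a small 32-bit-mode ModRM/SIB decoder classifies the lea source as a register or memory operand, and the lea emulation faults with #UD when the operand is not memory, which is exactly the `modrm_mod == 3` case. The register file, the operand/status types and the instruction encodings are constructed for this example; only the `ea.type`/`OP_MEM`/`dst.val = ea.mem.off` vocabulary is borrowed from the patch and the reply.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Operand kinds, mirroring the emulator's register/memory distinction (constructed). */
enum op_type { OP_REG, OP_MEM };
enum lea_status { LEA_OK, LEA_UD, LEA_BAD_ENCODING };

/* Constructed 32-bit register file: eax, ecx, edx, ebx, esp, ebp, esi, edi. */
struct regs { uint32_t gpr[8]; };

struct operand {
    enum op_type type;
    unsigned reg;       /* ModRM.reg: destination register number */
    uint32_t mem_off;   /* effective address, valid only when type == OP_MEM */
};

/* Decode ModRM (+SIB, +displacement) in 32-bit mode from p[0..n); returns bytes consumed, 0 if truncated. */
static size_t decode_modrm(const uint8_t *p, size_t n, const struct regs *r,
                           struct operand *op)
{
    if (n < 1) return 0;
    unsigned mod = p[0] >> 6, rm = p[0] & 7;
    size_t len = 1;
    op->reg = (p[0] >> 3) & 7;

    if (mod == 3) {               /* register-direct: there is no address to take */
        op->type = OP_REG;
        op->mem_off = 0;
        return len;
    }
    uint32_t ea = 0;
    bool have_base = true;
    unsigned base = rm;

    if (rm == 4) {                /* rm == 4: a SIB byte follows */
        if (n < len + 1) return 0;
        uint8_t sib = p[len++];
        unsigned scale = sib >> 6, index = (sib >> 3) & 7;
        base = sib & 7;
        if (index != 4)           /* index 4 encodes "no index register" */
            ea += r->gpr[index] << scale;
        if (base == 5 && mod == 0)
            have_base = false;    /* [index*scale + disp32] */
    } else if (rm == 5 && mod == 0) {
        have_base = false;        /* absolute [disp32] */
    }
    if (have_base)
        ea += r->gpr[base];

    if (mod == 1) {               /* disp8, sign-extended */
        if (n < len + 1) return 0;
        ea += (uint32_t)(int32_t)(int8_t)p[len++];
    } else if (mod == 2 || !have_base) {   /* disp32, little-endian */
        if (n < len + 4) return 0;
        ea += ((uint32_t)p[len]) | ((uint32_t)p[len + 1] << 8) |
              ((uint32_t)p[len + 2] << 16) | ((uint32_t)p[len + 3] << 24);
        len += 4;
    }
    op->type = OP_MEM;
    op->mem_off = ea;
    return len;
}

/* Emulate "lea r32, m" (opcode 0x8d). As in the patched emulator, a register
 * source (ModRM.mod == 3, i.e. the decoded operand is not OP_MEM) yields #UD
 * instead of copying a meaningless offset into the destination register. */
static enum lea_status emulate_lea(const uint8_t *insn, size_t n, struct regs *r)
{
    if (n < 2 || insn[0] != 0x8d) return LEA_BAD_ENCODING;
    struct operand ea;
    if (decode_modrm(insn + 1, n - 1, r, &ea) == 0) return LEA_BAD_ENCODING;
    if (ea.type != OP_MEM)        /* the committed form; same as modrm_mod == 3 */
        return LEA_UD;
    r->gpr[ea.reg] = ea.mem_off;  /* dst.val = ea.mem.off */
    return LEA_OK;
}

/* Constructed sample encodings (Intel syntax in the comments). */
static const uint8_t lea_ebp_disp8[] = {0x8d, 0x45, 0x08};                   /* lea eax,[ebp+8] */
static const uint8_t lea_sib[]       = {0x8d, 0x04, 0x8e};                   /* lea eax,[esi+ecx*4] */
static const uint8_t lea_disp32[]    = {0x8d, 0x05, 0x78, 0x56, 0x34, 0x12}; /* lea eax,[0x12345678] */
static const uint8_t lea_reg_reg[]   = {0x8d, 0xc0};                         /* lea eax,eax: #UD */
static const uint8_t lea_truncated[] = {0x8d, 0x45};                         /* disp8 byte missing */

/* Run one encoding against a fixed constructed register file
 * (ecx = 3, ebp = 0x1000, esi = 0x2000); returns the status and the resulting eax. */
static enum lea_status run_sample(const uint8_t *insn, size_t n, uint32_t *eax_after)
{
    struct regs r = {{0}};
    r.gpr[1] = 3; r.gpr[5] = 0x1000; r.gpr[6] = 0x2000;
    enum lea_status s = emulate_lea(insn, n, &r);
    *eax_after = r.gpr[0];
    return s;
}
static enum lea_status lea_status_of(const uint8_t *insn, size_t n) { uint32_t v; return run_sample(insn, n, &v); }
static uint32_t lea_eax_after(const uint8_t *insn, size_t n) { uint32_t v; run_sample(insn, n, &v); return v; }
```

With the constructed register values, `lea_eax_after(lea_ebp_disp8, 3)` is 0x1008, `lea_eax_after(lea_sib, 3)` is 0x200c, and `lea_status_of(lea_reg_reg, 2)` is `LEA_UD` with eax left untouched; the truncated encoding is reported as a bad encoding rather than being silently decoded. Without the `ea.type != OP_MEM` line the register form would write a stale or zero offset into eax, which is the divergence from real hardware the patch removes.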
Tim Deegan
2012-Jan-05 16:06 UTC
Re: [PATCH] x86: emulate lea with two register operands correctly
At 15:49 +0000 on 05 Jan (1325778595), Keir Fraser wrote:

> On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:
>
> > An lea instruction with two register operands should raise an
> > undefined instruction exception.
> >
> > Skype does such an instruction and will crash when starting if it does
> > not get the exception.
>
> Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
> that change before committing this patch. It's now in xen-unstable staging.
>
> It's a bit concerning that we're emulating LEA at all, perhaps. I wonder if
> a pagetable page has been reused as a code page and we didn't notice yet? Or
> is there some other reason that skype is getting emulated? :-)

#UD exceptions in HVM are passed to the emulator (IIRC as part of the cross-vendor migration patches, so SYSENTER & friends could be managed).

Tim.
David Vrabel
2012-Jan-05 16:17 UTC
Re: [PATCH] x86: emulate lea with two register operands correctly
On 05/01/12 15:49, Keir Fraser wrote:

> On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:
>
>> An lea instruction with two register operands should raise an
>> undefined instruction exception.
>>
>> Skype does such an instruction and will crash when starting if it does
>> not get the exception.
>
> Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
> that change before committing this patch. It's now in xen-unstable staging.

That works for me, thanks.

I also think this patch should be a 4.1 candidate.

David
Keir Fraser
2012-Jan-05 19:03 UTC
Re: [PATCH] x86: emulate lea with two register operands correctly
On 05/01/2012 16:06, "Tim Deegan" <tim@xen.org> wrote:

> At 15:49 +0000 on 05 Jan (1325778595), Keir Fraser wrote:
>> On 05/01/2012 15:03, "David Vrabel" <david.vrabel@citrix.com> wrote:
>>
>>> An lea instruction with two register operands should raise an
>>> undefined instruction exception.
>>>
>>> Skype does such an instruction and will crash when starting if it does
>>> not get the exception.
>>
>> Thanks. I think it is a little nicer to check ea.type != OP_MEM, so I made
>> that change before committing this patch. It's now in xen-unstable staging.
>>
>> It's a bit concerning that we're emulating LEA at all, perhaps. I wonder if
>> a pagetable page has been reused as a code page and we didn't notice yet? Or
>> is there some other reason that skype is getting emulated? :-)
>
> #UD exceptions in HVM are passed to the emulator (IIRC as part of the
> cross-vendor migration patches, so SYSENTER & friends could be managed).

Duh, good point.

-- Keir

> Tim.