lguest: Fix in/out emulation

We were blatting too much of the register. Linux didn't care, but in theory it might. Reported-by: Jonas Maebe <jonas.maebe@elis.ugent.be> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-07-22 14:39:51 +09:30 · 2011-07-22 14:39:51 +09:30 · 996ba96a97
commit 996ba96a97
parent 8d431f4160
1 changed files with 11 additions and 9 deletions
--- a/drivers/lguest/x86/core.c
+++ b/drivers/lguest/x86/core.c
@ -269,7 +269,7 @@ void lguest_arch_run_guest(struct lg_cpu *cpu)
 static int emulate_insn(struct lg_cpu *cpu)
 {
 	u8 insn;
-	unsigned int insnlen = 0, in = 0, shift = 0;
+	unsigned int insnlen = 0, in = 0, small_operand = 0;
 	/*
 	 * The eip contains the *virtual* address of the Guest's instruction:
 	 * walk the Guest's page tables to find the "physical" address.
@ -300,11 +300,10 @@ static int emulate_insn(struct lg_cpu *cpu)
 	}
 	/*
-	 * 0x66 is an "operand prefix".  It means it's using the upper 16 bits
+	 * 0x66 is an "operand prefix".  It means a 16, not 32 bit in/out.
 	 * of the eax register.
 	 */
 	if (insn == 0x66) {
-		shift = 16;
+		small_operand = 1;
 		/* The instruction is 1 byte so far, read the next byte. */
 		insnlen = 1;
 		insn = lgread(cpu, physaddr + insnlen, u8);
@ -340,11 +339,14 @@ static int emulate_insn(struct lg_cpu *cpu)
 	 * traditionally means "there's nothing there".
 	 */
 	if (in) {
-		/* Lower bit tells is whether it's a 16 or 32 bit access */
+		/* Lower bit tells means it's a 32/16 bit access */
-		if (insn & 0x1)
+		if (insn & 0x1) {
-			cpu->regs->eax = 0xFFFFFFFF;
+			if (small_operand)
 				cpu->regs->eax |= 0xFFFF;
 			else
-			cpu->regs->eax |= (0xFFFF << shift);
+				cpu->regs->eax = 0xFFFFFFFF;
 		} else
 			cpu->regs->eax |= 0xFF;
 	}
 	/* Finally, we've "done" the instruction, so move past it. */
 	cpu->regs->eip += insnlen;