On 25/09/2018 14:28, Jan Beulich wrote:
> +#define avx512_vlen_check(lig) do { \
> + switch ( evex.lr ) \
> + { \
> + default: \
> + generate_exception(EXC_UD); \
> + case 2: \
> + break; \
> + case 0: case 1: \
> + if (!(lig)) \

if ( !(lig) )

> + host_and_vcpu_must_have(avx512vl); \
> + break; \
> + } \
> +} while ( false )
> +
> static bool is_aligned(enum x86_segment seg, unsigned long offs,
> unsigned int size, struct x86_emulate_ctxt *ctxt,
> const struct x86_emulate_ops *ops)
> @@ -3272,6 +3387,7 @@ x86_emulate(
> b = ctxt->opcode;
> d = state.desc;
> #define state (&state)
> + elem_bytes = 4 << evex.w;

evex.w isn't filled by this point, is it? We only fill evex.lr in the
!evex_encoded() case AFAICT.

>
> generate_exception_if(state->not_64bit && mode_64bit(), EXC_UD);
>
> @@ -6348,6 +6521,41 @@ x86_emulate(
> ASSERT(!state->simd_size);
> break;
>
> + case X86EMUL_OPC_EVEX_66(0x0f, 0x6e): /* vmov{d,q} r/m,xmm */
> + case X86EMUL_OPC_EVEX_66(0x0f, 0x7e): /* vmov{d,q} xmm,r/m */
> + generate_exception_if((evex.lr || evex.opmsk || evex.br ||
> + evex.reg != 0xf || !evex.RX),

Are the inner brackets necessary?

> @@ -8819,6 +9070,44 @@ x86_emulate(
> !is_aligned(ea.mem.seg, ea.mem.off,
> op_bytes,
> ctxt, ops),
> EXC_GP, 0);
> +
> + if ( evex.br )
> + {
> + ASSERT((d & DstMask) != DstMem);
> + op_bytes = elem_bytes;
> + }
> + if ( evex.opmsk )
> + {
> + ASSERT(!(op_bytes % elem_bytes));
> + full = ~0ULL >> (64 - op_bytes / elem_bytes);

I think we want a path which checks elem_bytes != 0 which is
release-build safe. This feels like an XSA waiting to happen.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
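Review bot: in the avx512_vlen_check() hunk the `lig` parameter is undocumented and the `default:` label is placed above `case 2:` without a `break`, so the switch reads as a fall-through from the #UD path into the 512-bit case; that is only correct because generate_exception() is relied upon not to return to the macro. A one-line comment stating that `lig` marks encodings whose vector length is ignored (so no VL check and no AVX512VL requirement for evex.lr 0/1), plus either moving `default:` to the end of the switch or a short comment on the intended control flow, would make the macro self-explanatory for the next reader.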
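Review bot: in the `evex.opmsk` hunk, `full = ~0ULL >> (64 - op_bytes / elem_bytes);` is protected only by `ASSERT(!(op_bytes % elem_bytes))`, which compiles out in release builds, so an `elem_bytes` of 0 on this path is a division by zero, and an `op_bytes` smaller than `elem_bytes` gives a quotient of 0 and hence a shift count of 64, which is undefined for a 64-bit operand. Suggest a release-build guard that keeps both bounds, for example `generate_exception_if(!elem_bytes || op_bytes < elem_bytes || op_bytes / elem_bytes > 64, EXC_UD);` (or an equivalent early exit) immediately before the shift, so that the mask computation never depends on the debug-only assertion.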