On 4/2/19 2:01 PM, Jan Beulich wrote:
> This is to accompany sanitize_input(). Just like for initial state we
> want to have state between two emulated insns sane, at least as far as
> assumptions in the main emulator go. Do minimal checking after segment
> register, CR, and MSR writes, and roll back to the old value in case of
> failure (raising #GP(0) at the same time).
>
> In the particular case observed, a CR0 write clearing CR0.PE was
> followed by a VEX-encoded insn, which the decoder accepts based on
> guest address size, restricting things just outside of the 64-bit case
> (real and virtual modes don't allow VEX-encoded insns). Subsequently
> _get_fpu() would then assert that CR0.PE must be set (and EFLAGS.VM
> clear) when trying to invoke YMM, ZMM, or OPMASK state.
>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>
Reviewed-by: George Dunlap <george.dun...@citrix.com>

That said, I wonder if there's a way to avoid the duplication between
sanitize_input() and check_state(). Another option would be to rework
sanitize_input() (perhaps as sanitize_state()):

* Accept a parameter saying whether to do optional changes (like
  CANONICALIZE_MAYBE)
* Return a boolean saying whether any state was in fact sanitized.

Then the current callers of check_state() could instead call
sanitize_state(), and throw an exception if it returns 1. (Or some
variation thereof.)

Just a thought; I'm OK with checking this in as it is.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
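As an added illustration (not Xen's check_state() or sanitize_input(), and not code from either poster), here is a hypothetical C model of the pattern the patch describes: a CR0 write followed by a minimal state check that rolls back to the old value and reports #GP(0) on failure, plus a decoder-side VEX mode test keyed on CR0.PE and EFLAGS.VM rather than address size. The emu_state structure, the VM-requires-PE consistency rule and the function names are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#define X86_CR0_PE    (1u << 0)   /* protection enable */
#define X86_EFLAGS_VM (1u << 17)  /* virtual-8086 mode */

/* Hypothetical minimal emulator state: only the bits the report cares about. */
struct emu_state { uint32_t cr0, eflags; };
enum write_result { WRITE_OK = 0, WRITE_GP0 = 1 };

/* Rule assumed for this model: EFLAGS.VM is only meaningful in protected
 * mode, so VM set together with CR0.PE clear is unsane. */
static bool state_ok(const struct emu_state *s)
{
    return !((s->eflags & X86_EFLAGS_VM) && !(s->cr0 & X86_CR0_PE));
}

/* CR0 write with post-write check: on an unsane result roll back and report #GP(0). */
enum write_result write_cr0(struct emu_state *s, uint32_t val)
{
    uint32_t old = s->cr0;
    s->cr0 = val;
    if ( !state_ok(s) )
    {
        s->cr0 = old;      /* roll back */
        return WRITE_GP0;  /* caller raises #GP(0) */
    }
    return WRITE_OK;
}

/* Decoder-side mode check: VEX-encoded insns are invalid in real and
 * virtual-8086 mode, so decide on CR0.PE/EFLAGS.VM, not on address size. */
bool vex_allowed(const struct emu_state *s)
{
    return (s->cr0 & X86_CR0_PE) && !(s->eflags & X86_EFLAGS_VM);
}

/* The observed sequence: clear CR0.PE, then meet a VEX-encoded insn.
 * Returns true when the insn is refused instead of reaching _get_fpu(). */
bool clear_pe_then_vex_refused(void)
{
    struct emu_state s = { .cr0 = X86_CR0_PE, .eflags = 0 };
    return write_cr0(&s, 0) == WRITE_OK && !vex_allowed(&s);
}

/* Clearing PE while VM is set: write rolled back, #GP(0) reported. */
bool clear_pe_in_vm86_rolled_back(void)
{
    struct emu_state s = { .cr0 = X86_CR0_PE, .eflags = X86_EFLAGS_VM };
    return write_cr0(&s, 0) == WRITE_GP0 && s.cr0 == X86_CR0_PE;
}
```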