pkgsrc-ng/sysutils/xenkernel46/patches/patch-XSA-186-1

$NetBSD: patch-XSA-186-1,v 1.1 2016/09/08 15:44:07 bouyer Exp $

From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary

The Force Emulation Prefix is named to follow its PV counterpart for cpuid or
rdtsc, but isn't really an instruction prefix.  It behaves as a break-out into
Xen, with the purpose of emulating the next instruction in the current state.

It is important to be able to test legal situations which occur in real
hardware, including instruction which cross certain boundaries, and
instructions starting at 0.

Reported-by: Brian Marcotte <marcotte@panix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- xen/arch/x86/hvm/svm/svm.c.orig
+++ xen/arch/x86/hvm/svm/svm.c
@@ -2139,6 +2139,10 @@ static void svm_vmexit_ud_intercept(stru
         {
             regs->eip += sizeof(sig);
             regs->eflags &= ~X86_EFLAGS_RF;
+
+            /* Zero the upper 32 bits of %rip if not in long mode. */
+            if ( svm_guest_x86_mode(current) != 8 )
+                regs->eip = regs->_eip;
         }
     }
 
--- xen/arch/x86/hvm/vmx/vmx.c.orig
+++ xen/arch/x86/hvm/vmx/vmx.c
@@ -2757,6 +2757,10 @@ static void vmx_vmexit_ud_intercept(stru
         {
             regs->eip += sizeof(sig);
             regs->eflags &= ~X86_EFLAGS_RF;
+
+            /* Zero the upper 32 bits of %rip if not in long mode. */
+            if ( vmx_guest_x86_mode(current) != 8 )
+                regs->eip = regs->_eip;
         }
     }