From: Jan Beulich <jbeulich@suse.com>
Date: Wed, 14 Dec 2016 09:11:08 +0000 (+0100)
Subject: x86emul: MOVNTI does not allow REP prefixes
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~3148
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=96a7cb37b921d2b320183d194d143262e1dd5b53;p=xen.git

x86emul: MOVNTI does not allow REP prefixes

Just like 66, prefixes F3 and F2 cause #UD.

Also adjust a related comment, which in its previous wording was
misleading (as in 16-bit mode there would nothing be undone when
adjusting operand size from 2 to 4).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 2c23e473db..1b5becf313 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -1966,8 +1966,7 @@ x86_decode_twobyte(
     case 0x50 ... 0x77:
     case 0x79 ... 0x7f:
     case 0xae:
-    case 0xc2:
-    case 0xc4 ... 0xc6:
+    case 0xc2 ... 0xc6:
     case 0xd0 ... 0xfe:
         ctxt->opcode |= MASK_INSR(vex.pfx, X86EMUL_OPC_PFX_MASK);
         break;
@@ -2469,8 +2468,8 @@ x86_decode(
     }
 
     /*
-     * Undo the operand-size override effect of prefix 66 when it was
-     * determined to have another meaning.
+     * When prefix 66 has a meaning different from operand-size override,
+     * operand size defaults to 4 and can't be overridden to 2.
      */
     if ( op_bytes == 2 &&
          (ctxt->opcode & X86EMUL_OPC_PFX_MASK) == X86EMUL_OPC_66(0, 0) )
@@ -5354,7 +5353,6 @@ x86_emulate(
     case X86EMUL_OPC(0x0f, 0xc3): /* movnti */
         /* Ignore the non-temporal hint for now. */
         vcpu_must_have(sse2);
-        generate_exception_if(dst.bytes <= 2, EXC_UD);
         dst.val = src.val;
         break;