Currently the mmio_operands assumes writing to memory when operand 0 is

register or immediate, this is false for cmp/test opcode.
This patch resolve this problem, please review.

Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>
Signed-off-by: Jun Nakajima  <jun.nakajima@intel.com>

diff --git a/xen/arch/x86/vmx_platform.c b/xen/arch/x86/vmx_platform.c
index d7ef47d718b383e01f9f67c1762e0763cf85fec4..8052b1c7cd42e4f99ab12fd8a3312f308890d184 100644 (file)
--- a/xen/arch/x86/vmx_platform.c
+++ b/xen/arch/x86/vmx_platform.c
@@ -833,12 +833,16 @@ void handle_mmio(unsigned long va, unsigned long gpa)
         mmio_operands(IOREQ_TYPE_XOR, gpa, &mmio_inst, mpcip, regs);
         break;
 
-    case INSTR_CMP:
-        mmio_operands(IOREQ_TYPE_COPY, gpa, &mmio_inst, mpcip, regs);
-        break;
-
+    case INSTR_CMP:        /* Pass through */
     case INSTR_TEST:
-        mmio_operands(IOREQ_TYPE_COPY, gpa, &mmio_inst, mpcip, regs);
+        mpcip->flags = mmio_inst.flags;
+        mpcip->instr = mmio_inst.instr;
+        mpcip->operand[0] = mmio_inst.operand[0]; /* source */
+        mpcip->operand[1] = mmio_inst.operand[1]; /* destination */
+        mpcip->immediate = mmio_inst.immediate;
+
+        /* send the request and wait for the value */
+        send_mmio_req(IOREQ_TYPE_COPY, gpa, 1, mmio_inst.op_size, 0, IOREQ_READ, 0);
         break;
 
     default: