From f122fc2e3520e7af45d3bae9606ce5b8ac5ef887 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Thu, 28 Sep 2017 11:04:20 +0200
Subject: [PATCH] x86emul: properly refuse LOCK on most 0FC7 insns

When adding support for RDRAND/RDSEED/RDPID I didn't remember to also update this special early check. Make it (hopefully) future-proof by also refusing VEX-encodings.

Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index c1e2300b39..ff1a401bae 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3087,7 +3087,9 @@ x86_emulate(
 * The only implicit-operands instructions allowed a LOCK prefix are
 * CMPXCHG{8,16}B (MOV CRn is being handled elsewhere).
 */
- generate_exception_if(lock_prefix && (ext != ext_0f || b != 0xc7),
+ generate_exception_if(lock_prefix &&
+ (vex.opcx || ext != ext_0f || b != 0xc7 ||
+ (modrm_reg & 7) != 1 || ea.type != OP_MEM),
 EXC_UD);
 dst.type = OP_NONE;
 break;
-- 
2.30.2
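Review bot: The comment above the check still names only CMPXCHG{8,16}B, but it now sits over a five-term condition whose individual terms (VEX encoding, opcode map, opcode byte, /1 extension, memory operand) it does not explain, so the intent of each term is not traceable from the hunk. A one-line addition such as `* i.e. a legacy-encoded 0F C7 /1 with a memory operand; everything else (including any VEX encoding) takes #UD here.` would tie the comment to the new condition. The `(modrm_reg & 7)` mask presumably strips REX.R so a REX.W-prefixed CMPXCHG16B is still accepted; that is worth stating, since a later reader may otherwise take the mask for a bug. Whether `ea.type` is already valid at this point depends on decode order outside the hunk, which I cannot confirm from here. x86_emulate() starts and ends outside the hunk.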