From: Jan Beulich <jbeulich@suse.com>
Date: Thu, 2 Feb 2017 11:48:59 +0000 (+0100)
Subject: x86emul: correct behavior for single iteration REP INS/OUTS
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2867
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=061cd0f0e5c41335150e0d234d8ad0aff7b6da11;p=xen.git

x86emul: correct behavior for single iteration REP INS/OUTS

The initial operation done on these paths may raise an exception (for
->read_io() that's possible only on the PV path, when the I/O port
access check has been deferred). We have to suppress put_rep_prefix()
updating rCX in that case. From an abstract perspective this also
applies to RETRY being returned.

Reported-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Tested-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 21dd98cebc..dbda4b3b4a 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3134,7 +3134,7 @@ x86_emulate(
         if ( nr_reps == 1 && ops->read_io && ops->write )
         {
             rc = ops->read_io(port, dst.bytes, &dst.val, ctxt);
-            if ( rc == X86EMUL_OKAY )
+            if ( rc != X86EMUL_UNHANDLEABLE )
                 nr_reps = 0;
         }
         if ( (nr_reps > 1 || rc == X86EMUL_UNHANDLEABLE) && ops->rep_ins )
@@ -3175,7 +3175,7 @@ x86_emulate(
         {
             rc = read_ulong(ea.mem.seg, ea.mem.off, &dst.val, dst.bytes,
                             ctxt, ops);
-            if ( rc == X86EMUL_OKAY )
+            if ( rc != X86EMUL_UNHANDLEABLE )
                 nr_reps = 0;
         }
         if ( (nr_reps > 1 || rc == X86EMUL_UNHANDLEABLE) && ops->rep_outs )