From: Jan Beulich
Date: Thu, 19 Jan 2017 09:38:08 +0000 (+0100)
Subject: x86/PV: restrict permitted instructions during memory write emulation
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2949
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ff913f68c9e1153b33d25ede18891a8199ae82bb;p=xen.git

x86/PV: restrict permitted instructions during memory write emulation

All three code paths mean to only emulate memory writes. Refuse emulation of any other instructions there.

Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
---

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index a5521f186e..f35e3116bb 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -5340,11 +5340,19 @@ static int ptwr_emulated_cmpxchg(
 container_of(ctxt, struct ptwr_emulate_ctxt, ctxt));
 }
+static int pv_emul_is_mem_write(const struct x86_emulate_state *state,
+ struct x86_emulate_ctxt *ctxt)
+{
+ return x86_insn_is_mem_write(state, ctxt) ? X86EMUL_OKAY
+ : X86EMUL_UNHANDLEABLE;
+}
+
 static const struct x86_emulate_ops ptwr_emulate_ops = {
 .read = ptwr_emulated_read,
 .insn_fetch = ptwr_emulated_read,
 .write = ptwr_emulated_write,
 .cmpxchg = ptwr_emulated_cmpxchg,
+ .validate = pv_emul_is_mem_write,
 .cpuid = pv_emul_cpuid,
 };
@@ -5463,6 +5471,7 @@ static const struct x86_emulate_ops mmio_ro_emulate_ops = {
 .read = x86emul_unhandleable_rw,
 .insn_fetch = ptwr_emulated_read,
 .write = mmio_ro_emulated_write,
+ .validate = pv_emul_is_mem_write,
 .cpuid = pv_emul_cpuid,
 };
@@ -5501,6 +5510,7 @@ static const struct x86_emulate_ops mmcfg_intercept_ops = {
 .read = x86emul_unhandleable_rw,
 .insn_fetch = ptwr_emulated_read,
 .write = mmcfg_intercept_write,
+ .validate = pv_emul_is_mem_write,
 .cpuid = pv_emul_cpuid,
 };
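Review bot: pv_emul_is_mem_write() is added without a comment, although it is the one policy check shared by all three ops tables touched here (ptwr_emulate_ops, mmio_ro_emulate_ops and mmcfg_intercept_ops). I would put a short comment above it, for example `/* Write-fault emulation paths: refuse any instruction that is not a memory write. */`. The comment should also state that every ops table used for write-only emulation is expected to set `.validate` to this helper, because a table added later without the hook would fall back to whatever the remaining hooks permit, with no build-time signal. The check is by instruction class only. Presumably the individual `.write` handlers still confirm that the destination is the faulting address, but they are outside these hunks, so that is worth confirming.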
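Review bot: In mmio_ro_emulate_ops (and likewise mmcfg_intercept_ops in the last hunk) the new `.validate` hook and the existing `.read = x86emul_unhandleable_rw` both narrow what gets emulated, and nothing on these lines says which is responsible for what. If x86_insn_is_mem_write() also accepts read-modify-write forms, those would pass validation and be refused only by the read hook. Its body is not part of this patch, so this is an assumption. A one-line comment in each table, for example `/* .validate admits memory writes only; .read additionally refuses every data read. */`, would keep a later change to `.read` from widening the accepted set unnoticed.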