From 95d0a0fe37ee89bfb11ab952b7831c849cf23bd4 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Wed, 11 Oct 2017 14:50:33 +0200
Subject: [PATCH] x86emul: handle address wrapping for VMASKMOVP{S,D}

I failed to recognize the need to mirror the changes done by 7869e2bafe ("x86emul/fuzz: add rudimentary limit checking") into the earlier written but later committed 2fe43d333f ("x86emul: support remaining AVX insns"): Behavior here is the same as for multi-part reads or writes.

Reported-by: Andrew Cooper
Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index d9bcd314ec..54a275664a 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -7887,7 +7887,7 @@ x86_emulate(
 switch ( d & SrcMask )
 {
 case SrcMem:
- rc = ops->read(ea.mem.seg, ea.mem.off + first_byte,
+ rc = ops->read(ea.mem.seg, truncate_ea(ea.mem.off + first_byte),
 (void *)mmvalp + first_byte, op_bytes,
 ctxt);
 if ( rc != X86EMUL_OKAY )
@@ -7970,7 +7970,7 @@ x86_emulate(
 else
 {
 fail_if(!ops->write);
- rc = ops->write(dst.mem.seg, dst.mem.off + first_byte,
+ rc = ops->write(dst.mem.seg, truncate_ea(dst.mem.off + first_byte),
 !state->simd_size ? &dst.val
 : (void *)mmvalp + first_byte,
 dst.bytes, ctxt);
-- 
2.30.2
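Review bot: Nothing at the `ops->read` call in the `case SrcMem:` arm says why the offset is now wrapped, and the same is true of the `ops->write` call in the second hunk. A one-line comment above each call would keep the next edit from dropping it, e.g. `/* first_byte may carry the offset past the address-size limit; wrap it as for multi-part accesses. */`. Only the start of the access is truncated, so an `op_bytes`-long read that begins below the wrap point and ends above it is still left to the `read` hook; that appears to be the intended "same as multi-part" behaviour, but it is worth stating in the comment. The diffstat shows a single file changed, so no emulator test pins the wrapped case; a regression case for it would be a useful follow-up. The enclosing switch in x86_emulate() starts and ends outside the hunk.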
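Review bot: The `ops->write` call changed here is shared with non-SIMD destinations (the `!state->simd_size ? &dst.val` arm), so `truncate_ea(dst.mem.off + first_byte)` now runs on every memory write-back through this branch, not only the masked-store case. That is harmless only if `first_byte` is zero and `dst.mem.off` is already truncated on those paths, neither of which is visible in the hunk. I would state that assumption next to the call, e.g. `/* first_byte is non-zero only for masked SIMD stores; for other writes this is a no-op. */`, once confirmed against the rest of x86_emulate(). The surrounding write-back block starts and ends outside the hunk.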