[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.2 53/60] target/i386: Generate an illegal opcode exception o
|
From: |
Michael Tokarev |
|
Subject: |
[Stable-8.2.2 53/60] target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix |
|
Date: |
Wed, 21 Feb 2024 11:20:41 +0300 |
From: Ziqiao Kong <ziqiaokong@gmail.com>
target/i386: As specified by Intel Manual Vol2 3-180, cmp instructions
are not allowed to have lock prefix and a `UD` should be raised. Without
this patch, s1->T0 will be uninitialized and used in the case OP_CMPL.
Signed-off-by: Ziqiao Kong <ziqiaokong@gmail.com>
Message-ID: <20240215095015.570748-2-ziqiaokong@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 99d0dcd7f102c07a510200d768cae65e5db25d23)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 8fd49ff474..83c2b40480 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -1480,12 +1480,13 @@ static bool check_iopl(DisasContext *s)
/* if d == OR_TMP0, it means memory operand (address in A0) */
static void gen_op(DisasContext *s1, int op, MemOp ot, int d)
{
+ /* Invalid lock prefix when destination is not memory or OP_CMPL. */
+ if ((d != OR_TMP0 || op == OP_CMPL) && s1->prefix & PREFIX_LOCK) {
+ gen_illegal_opcode(s1);
+ return;
+ }
+
if (d != OR_TMP0) {
- if (s1->prefix & PREFIX_LOCK) {
- /* Lock prefix when destination is not memory. */
- gen_illegal_opcode(s1);
- return;
- }
gen_op_mov_v_reg(s1, ot, s1->T0, d);
} else if (!(s1->prefix & PREFIX_LOCK)) {
gen_op_ld_v(s1, ot, s1->T0, s1->A0);
--
2.39.2
- [Stable-8.2.2 36/60] smmu: Clear SMMUPciBus pointer cache when system reset, (continued)
- [Stable-8.2.2 36/60] smmu: Clear SMMUPciBus pointer cache when system reset, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 45/60] target/arm: Fix SVE/SME gross MTE suppression checks, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 52/60] i386/cpuid: Move leaf 7 to correct group, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 24/60] hw/smbios: Fix OEM strings table option validation, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 33/60] hw/cxl: Pass CXLComponentState to cache_mem_ops, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 50/60] i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 60/60] tests/qtest: Depend on dbus_display1_dep, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 54/60] ui: reject extended clipboard message if not activated, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 42/60] target/arm: Adjust and validate mtedesc sizem1, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 31/60] cxl/cdat: Fix header sum value in CDAT checksum, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 53/60] target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix,
Michael Tokarev <=
- [Stable-8.2.2 37/60] tests/acpi: Allow update of DSDT.cxl, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 46/60] target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 32/60] hw/cxl/device: read from register values in mdev_reg_read(), Michael Tokarev, 2024/02/21
- [Stable-8.2.2 49/60] i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 43/60] target/arm: Split out make_svemte_desc, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 41/60] target/arm: Fix nregs computation in do_{ld, st}_zpa, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 44/60] target/arm: Handle mte in do_ldrq, do_ldro, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 35/60] virtio_iommu: Clear IOMMUPciBus pointer cache when system reset, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 55/60] ui/clipboard: mark type as not available when there is no data, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 19/60] virtio-blk: avoid using ioeventfd state in irqfd conditional, Michael Tokarev, 2024/02/21