On Tue, May 24, 2011 at 10:07:48PM +0300, Avi Kivity wrote:
> >> @@ -2955,6 +2964,15 @@ static int check_perm_out(struct x86_emulate_ctxt *ctxt)
> >>  {
> >>  	struct decode_cache *c =&ctxt->decode;
> >>
> >> +	switch (c->b) {
> >> +	case 0x6e: /* outsb */
> >> +	case 0x6f: /* outsw/outsd */
> >> +	case 0xee: /* out dx,al */
> >> +	case 0xef: /* out dx,(e/r)ax */
> >> +		c->dst.val = c->regs[VCPU_REGS_RDX];
> >> +		break;
> >> +	}
> >> +
> >>  	c->src.bytes = min(c->src.bytes, 4u);
> >>  	if (!emulator_io_permited(ctxt, c->dst.val, c->src.bytes))
> >>  		return emulate_gp(ctxt, 0);
> > I'd rather do it at decoding stage by adding SrcDX/DstDX.
> >
>
> Note we haven't decoded operands yet. And this doesn't fix in $imm8, %al.
>
We haven't? check_perm is called from x86_emulate_insn() and operands are
decoded in x86_decode_insn(). So $imm8, %al should work now. Or am I missing
something?

> Maybe we need an additional check site after operands are fetched.
>
> --
> I have a truly marvellous patch that fixes the bug which this
> signature is too narrow to contain.

--
			Gleb.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
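Review bot: in the check_perm_out() hunk, c->dst.val is loaded with the full c->regs[VCPU_REGS_RDX], but the port operand of out dx,al / out dx,(e/r)ax / outs* is the 16-bit DX register, so the value handed to emulator_io_permited() should be truncated to 16 bits (e.g. `c->dst.val = c->regs[VCPU_REGS_RDX] & 0xffff;`) unless that function already takes a u16 port; otherwise a guest with non-zero upper bits in RDX has its I/O permission bitmap check performed for an out-of-range port index rather than the port the instruction actually accesses, and a wrong check here turns into a missed #GP. The switch also has no default, so opcodes outside the listed cases silently keep whatever c->dst.val held before the call; a one-line comment stating where the port comes from in those cases (the immediate forms) would make the assumption explicit for the next reader.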