    KVM: x86: Stack size is overridden by __linearize · 1c1c35ae
    Nadav Amit authored
    When performing segmented-read/write in the emulator for stack operations, it
    ignores the stack size, and uses the ad_bytes as indication for the pointer
    size. As a result, a wrong address may be accessed.
    
    To fix this behavior, we can remove the masking of address in __linearize and
    perform it beforehand.  It is already done for the operands (so currently it is
    inefficiently done twice). It is missing in two cases:
    1. When using rip_relative
    2. On fetch_bit_operand that changes the address.
    
    This patch masks the address on these two occasions, and removes the masking
    from __linearize.
    
    Note that it does not mask EIP during fetch. In protected/legacy mode code
    fetch when RIP >= 2^32 should result in #GP and not wrap-around. Since we make
    limit checks within __linearize, this is the expected behavior.
    
    Partial revert of commit 518547b3 (KVM: x86: Emulator does not
    calculate address correctly, 2014-09-30).
    Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
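The two behaviours the commit message contrasts, as an added illustration (this is not KVM's emulator code and none of the names below, `ea_mask`, `push_addr_by_stack_size`, `push_addr_by_ad_bytes`, `struct seg`, `linearize_fetch`, exist in the kernel; they are hypothetical helpers written for this page). The first pair of functions shows how masking a stack access by the instruction's address size (`ad_bytes`) instead of the stack segment's width yields a different address; the third shows why an unmasked RIP at or above 2^32 must hit the segment-limit check and fault in protected mode rather than silently wrap.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: effective-address mask for a given width in bytes.
 * 2 -> 16-bit wrap, 4 -> 32-bit wrap, anything else -> no truncation. */
static uint64_t ea_mask(unsigned width_bytes)
{
    switch (width_bytes) {
    case 2:  return 0xffffULL;
    case 4:  return 0xffffffffULL;
    default: return ~0ULL;
    }
}

/* Correct behaviour: the new top-of-stack address is wrapped to the width
 * dictated by the stack segment (SS.B bit, or 8 in long mode). */
uint64_t push_addr_by_stack_size(uint64_t rsp, unsigned push_bytes,
                                 unsigned stack_bytes)
{
    return (rsp - push_bytes) & ea_mask(stack_bytes);
}

/* Behaviour the commit message describes as wrong: wrapping the stack
 * address by the instruction's address size (ad_bytes) instead. */
uint64_t push_addr_by_ad_bytes(uint64_t rsp, unsigned push_bytes,
                               unsigned ad_bytes)
{
    return (rsp - push_bytes) & ea_mask(ad_bytes);
}

/* Hypothetical minimal segment descriptor: base and limit only. */
struct seg {
    uint64_t base;
    uint64_t limit;
};

/* Code fetch linearization. Outside long mode the unmasked offset is checked
 * against the segment limit first, so RIP >= 2^32 yields a fault (modelled as
 * returning false, standing in for #GP) instead of wrapping to a low address. */
bool linearize_fetch(const struct seg *cs, uint64_t rip, bool long_mode,
                     uint64_t *linear)
{
    if (!long_mode && rip > cs->limit)
        return false;
    *linear = cs->base + rip;
    return true;
}

int main(void)
{
    /* Constructed scenario: 16-bit stack segment, instruction carries a
     * 32-bit address-size override, ESP = 0x1FFFE, 4-byte push. */
    printf("by stack size: 0x%llx\n",
           (unsigned long long)push_addr_by_stack_size(0x1FFFE, 4, 2));
    printf("by ad_bytes:   0x%llx\n",
           (unsigned long long)push_addr_by_ad_bytes(0x1FFFE, 4, 4));

    /* Constructed scenario: flat 32-bit code segment, RIP just past 2^32. */
    struct seg cs = { .base = 0, .limit = 0xffffffffULL };
    uint64_t lin;
    if (!linearize_fetch(&cs, 0x100000000ULL, false, &lin))
        printf("fetch at RIP >= 2^32 faults (no wrap-around)\n");
    return 0;
}
```

With a 16-bit stack the correct push address wraps to 0xFFFA, while masking by the 32-bit `ad_bytes` leaves 0x1FFFA, a different location entirely; the fetch case returns a fault for an out-of-limit RIP exactly as the note in the commit message expects.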
emulate.c 130 KB