diff options
| author | Jan Beulich <jbeulich@suse.com> | 2013-10-14 09:50:16 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-10-14 09:50:16 +0200 |
| commit | f21399e148386ecf3826ab81159eca58cfab2147 (patch) | |
| tree | 658790e97a8ad57938021db95c551d61b2db9af2 /xen/arch/x86/hvm/io.c | |
| parent | 7ab6af234f9c140418e6aae177928d00abbb628b (diff) | |
| download | xen-f21399e148386ecf3826ab81159eca58cfab2147.tar.gz xen-f21399e148386ecf3826ab81159eca58cfab2147.tar.bz2 xen-f21399e148386ecf3826ab81159eca58cfab2147.zip | |
x86/HVM: properly handle backward string instruction emulation
Multiplying a signed 32-bit quantity with an unsigned 32-bit quantity
produces an unsigned 32-bit result, yet for emulation of backward
string instructions we need the result sign extended before getting
added to the base address.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/arch/x86/hvm/io.c')
| -rw-r--r-- | xen/arch/x86/hvm/io.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c index 5f5009a179..77698c4db2 100644 --- a/xen/arch/x86/hvm/io.c +++ b/xen/arch/x86/hvm/io.c @@ -294,7 +294,7 @@ void hvm_io_assist(void) static int dpci_ioport_read(uint32_t mport, ioreq_t *p) { - int i, sign = p->df ? -1 : 1; + int i, step = p->df ? -p->size : p->size; uint32_t data = 0; for ( i = 0; i < p->count; i++ ) @@ -317,8 +317,7 @@ static int dpci_ioport_read(uint32_t mport, ioreq_t *p) if ( p->data_is_ptr ) { int ret; - ret = hvm_copy_to_guest_phys(p->data + (sign * i * p->size), &data, - p->size); + ret = hvm_copy_to_guest_phys(p->data + step * i, &data, p->size); if ( (ret == HVMCOPY_gfn_paged_out) || (ret == HVMCOPY_gfn_shared) ) return X86EMUL_RETRY; @@ -332,7 +331,7 @@ static int dpci_ioport_read(uint32_t mport, ioreq_t *p) static int dpci_ioport_write(uint32_t mport, ioreq_t *p) { - int i, sign = p->df ? -1 : 1; + int i, step = p->df ? -p->size : p->size; uint32_t data; for ( i = 0; i < p->count; i++ ) @@ -340,8 +339,7 @@ static int dpci_ioport_write(uint32_t mport, ioreq_t *p) data = p->data; if ( p->data_is_ptr ) { - switch ( hvm_copy_from_guest_phys(&data, - p->data + sign * i * p->size, + switch ( hvm_copy_from_guest_phys(&data, p->data + step * i, p->size) ) { case HVMCOPY_okay: |