x86_emulate: INS/OUTS need Mov attribute to force writeback (since

dst.orig_val is not initialised). Also, Mov attribute on cmpxchg is
not necessary -- when destination is memory (i.e., successful cmpxchg)
then dst.orig_val is already correctly filled in. In case that
dst.orig_val == dst.val then the instruction linearises at the point
we first read the destination (and initialised dst.orig_val).
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

1 files changed, 1 insertions, 3 deletions

diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c
index d75f49c504..a9f60faacf 100644
--- a/xen/arch/x86/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate.c
@@ -106,7 +106,7 @@ static uint8_t opcode_table[256] = {
     /* 0x68 - 0x6F */
     ImplicitOps|Mov, DstReg|SrcImm|ModRM|Mov,
     ImplicitOps|Mov, DstReg|SrcImmByte|ModRM|Mov,
-    ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+    ImplicitOps|Mov, ImplicitOps|Mov, ImplicitOps|Mov, ImplicitOps|Mov,
     /* 0x70 - 0x77 */
     ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
     ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
@@ -2862,8 +2862,6 @@ x86_emulate(
         src.orig_val = src.val;
         src.val = _regs.eax;
         emulate_2op_SrcV("cmp", src, dst, _regs.eflags);
-        /* Always write back. The question is: where to? */
-        d |= Mov;
         if ( _regs.eflags & EFLG_ZF )
         {
             /* Success: write back to memory. */