projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8fff5e3)
KVM: x86: Dirty the dest op page on cmpxchg emulation
authorNadav Amit <namit@cs.technion.ac.il>
Mon, 26 Jan 2015 07:32:21 +0000 (09:32 +0200)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 26 Jan 2015 11:14:18 +0000 (12:14 +0100)
Intel SDM says for CMPXCHG: "To simplify the interface to the processor’s bus,
the destination operand receives a write cycle without regard to the result of
the comparison.". This means the destination page should be dirtied.

Fix it to by writing back the original value if cmpxchg failed.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/emulate.c patch | blob | blame | history

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index ef23c1e5fa9fb42442e6e2a53c7567594789fbb8..aa272545402ecad0384bbb7db9686f13ca62e217 100644 (file)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2205,12 +2205,15 @@ static int em_cmpxchg(struct x86_emulate_ctxt *ctxt)
        fastop(ctxt, em_cmp);
 
        if (ctxt->eflags & EFLG_ZF) {
-               /* Success: write back to memory. */
+               /* Success: write back to memory; no update of EAX */
+               ctxt->src.type = OP_NONE;
                ctxt->dst.val = ctxt->src.orig_val;
        } else {
                /* Failure: write the value we saw to EAX. */
-               ctxt->dst.type = OP_REG;
-               ctxt->dst.addr.reg = reg_rmw(ctxt, VCPU_REGS_RAX);
+               ctxt->src.type = OP_REG;
+               ctxt->src.addr.reg = reg_rmw(ctxt, VCPU_REGS_RAX);
+               ctxt->src.val = ctxt->dst.orig_val;
+               /* Create write-cycle to dest by writing the same value */
                ctxt->dst.val = ctxt->dst.orig_val;
        }
        return X86EMUL_CONTINUE;
@@ -4157,7 +4160,7 @@ static const struct opcode twobyte_table[256] = {
        F(DstMem | SrcReg | Src2CL | ModRM, em_shrd),
        GD(0, &group15), F(DstReg | SrcMem | ModRM, em_imul),
        /* 0xB0 - 0xB7 */
-       I2bv(DstMem | SrcReg | ModRM | Lock | PageTable, em_cmpxchg),
+       I2bv(DstMem | SrcReg | ModRM | Lock | PageTable | SrcWrite, em_cmpxchg),
        I(DstReg | SrcMemFAddr | ModRM | Src2SS, em_lseg),
        F(DstMem | SrcReg | ModRM | BitOp | Lock, em_btr),
        I(DstReg | SrcMemFAddr | ModRM | Src2FS, em_lseg),