KVM: x86: 32-bit wraparound read/write not emulated correctly

If we got a wraparound of 32-bit operand, and the limit is 0xffffffff, read and
writes should be successful. It just needs to be done in two segments.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 997c9ebb70efc5ea601e130b433288061ab0dda1..c3b07574942fa3169ec6e9f5460ccfcc5dd9100a 100644 (file)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -684,9 +684,13 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
                }
                if (addr.ea > lim)
                        goto bad;
-               *max_size = min_t(u64, ~0u, (u64)lim + 1 - addr.ea);
-               if (size > *max_size)
-                       goto bad;
+               if (lim == 0xffffffff)
+                       *max_size = ~0u;
+               else {
+                       *max_size = (u64)lim + 1 - addr.ea;
+                       if (size > *max_size)
+                               goto bad;
+               }
                la &= (u32)-1;
                break;
        }

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cdd6606e4c543803c4b518bb4ed56d11f0a017a1..1e10e3f7f5167d164c03fb82be0b5b2878b886ea 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4495,6 +4495,8 @@ int emulator_read_write(struct x86_emulate_ctxt *ctxt, unsigned long addr,
                if (rc != X86EMUL_CONTINUE)
                        return rc;
                addr += now;
+               if (ctxt->mode != X86EMUL_MODE_PROT64)
+                       addr = (u32)addr;
                val += now;
                bytes -= now;
        }