KVM: x86: decode_modrm does not regard modrm correctly

In one occassion, decode_modrm uses the rm field after it is extended with REX.B to determine the addressing mode. Doing so causes it not to read the offset for rip-relative addressing with REX.B=1. This patch moves the fetch where we already mask REX.B away instead. Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Nadav Amit <namit@cs.technion.ac.il> 2014-11-02 11:54:41 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2014-11-07 15:44:01 +0100
commit: 5b38ab877e5bd6c6564f2f23f25e0c3d4768728a (patch)
tree: 707c85940c630b7d0aa61eb0cfe2c4fef9d2c381 /arch/x86/kvm/emulate.c
parent: 4114c27d450bef228be9c7b0c40a888e18a3a636 (diff)
download: linux-5b38ab877e5bd6c6564f2f23f25e0c3d4768728a.tar.bz2
1 files changed, 1 insertions, 4 deletions
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index cd2029bbab48..a4703eb9c1ed 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1223,6 +1223,7 @@ static int decode_modrm(struct x86_emulate_ctxt *ctxt,
 			if (index_reg != 4)
 				modrm_ea += reg_read(ctxt, index_reg) << scale;
 		} else if ((ctxt->modrm_rm & 7) == 5 && ctxt->modrm_mod == 0) {
+			modrm_ea += insn_fetch(s32, ctxt);
 			if (ctxt->mode == X86EMUL_MODE_PROT64)
 				ctxt->rip_relative = 1;
 		} else {
@@ -1231,10 +1232,6 @@ static int decode_modrm(struct x86_emulate_ctxt *ctxt,
 			adjust_modrm_seg(ctxt, base_reg);
 		}
 		switch (ctxt->modrm_mod) {
-		case 0:
-			if (ctxt->modrm_rm == 5)
-				modrm_ea += insn_fetch(s32, ctxt);
-			break;
 		case 1:
 			modrm_ea += insn_fetch(s8, ctxt);
 			break;
author	Nadav Amit <namit@cs.technion.ac.il>	2014-11-02 11:54:41 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2014-11-07 15:44:01 +0100
commit	5b38ab877e5bd6c6564f2f23f25e0c3d4768728a (patch)
tree	707c85940c630b7d0aa61eb0cfe2c4fef9d2c381 /arch/x86/kvm/emulate.c
parent	4114c27d450bef228be9c7b0c40a888e18a3a636 (diff)
download	linux-5b38ab877e5bd6c6564f2f23f25e0c3d4768728a.tar.bz2