i386/hvf: Fix for UB in handling CPUID function 0xD
The handling for CPUID function 0xD (supported XSAVE features) was improved in a recent patch. Unfortunately, this appears to have introduced undefined behaviour for cases where ecx > 30, as the result of (1 << idx) is undefined if idx > 30. Per Intel SDM section 13.2, the behaviour for ecx values up to and including 62 are specified. This change therefore specifically sets all registers returned by the CPUID instruction to 0 for 63 and higher. Furthermore, the bit shift uses uint64_t, where behaviour for the entire range of 2..62 is safe and correct. Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu> Link: https://lore.kernel.org/r/20241105155800.5461-3-phil@philjordan.eu Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
0e27f3a5d0
commit
e3150028ff
@ -119,8 +119,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
|
|||||||
eax = 0;
|
eax = 0;
|
||||||
break;
|
break;
|
||||||
case 0xD:
|
case 0xD:
|
||||||
if (!supported_xcr0 ||
|
if (!supported_xcr0 || idx >= 63 ||
|
||||||
(idx > 1 && !(supported_xcr0 & (1 << idx)))) {
|
(idx > 1 && !(supported_xcr0 & (UINT64_C(1) << idx)))) {
|
||||||
eax = ebx = ecx = edx = 0;
|
eax = ebx = ecx = edx = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user