kern/54847: xsetbv value has uint16_t type instead of uint64_t

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54847: xsetbv value has uint16_t type instead of uint64_t
From: nevilad%yahoo.com@localhost
Date: Thu, 9 Jan 2020 15:45:00 +0000 (UTC)

>Number:         54847
>Category:       kern
>Synopsis:       xsetbv value has uint16_t type instead of uint64_t
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 09 15:45:00 +0000 2020
>Originator:     Alexey
>Release:        Found by reading the code
>Organization:
>Environment:
Found by reading the code
>Description:
vmx_exit_xsetbv in nvmm_x86_vmx.c is called when a guest executes xsetbv instruction. It sets the value from EDX:EAX to xcr0 register. The value 
is 64 bit long, but in the handler it has uint16_t type:

   1691 	uint16_t val;

The value is used as if it were 64 bits (that's right):
   1694 
   1695 	val = (cpudata->gprs[NVMM_X64_GPR_RDX] << 32) |
   1696 	    (cpudata->gprs[NVMM_X64_GPR_RAX] & 0xFFFFFFFF);

>How-To-Repeat:
Found by reading the code
>Fix:
Change the declaration of val to
   1691 	uint64_t val;

Prev by Date: Re: kern/54759 (vm.ubc_direct deadlock when read()/write() into mapping of itself)
Next by Date: Re: kern/54841: time(1) reports garbage user and system times again
Previous by Thread: Re: kern/54759 (vm.ubc_direct deadlock when read()/write() into mapping of itself)
Next by Thread: PR/54847 CVS commit: src/sys/dev/nvmm/x86
Indexes:

Home | Main Index | Thread Index | Old Index