Re: LEAVE emulation infinite loop

[Avi Kivity <avi@redhat.com>]

On 04/24/2011 10:08 AM, Matteo Signorini wrote:
> Hello everybody,
> I have a problem with an opcode emulation not yet emulated in kvm-kmod
> 2.6.38-rc7.
> The opcode is the "LEAVE" that as Intel Manual says:
>
> "Set RSP to RBP, then pop RBP"
>
> The problem is that despite to the fact that the opcode of the leave
> (C9) is correctly fetched and decoded, it falls in an infinite loop
> (found by some printk debug prints)
>
> Now I'm wondering...the eip needed in order to continue the vm
> execution is moved-on by the insns_fetch operation so after the first
> byte decode of the LEAVE opcode I shouldn't execute it again...so what
> I'm doing wrong?
>
> I posted here the diff output so you can see which changes I made on
> kvm original source code
>
>
>          case 0xc5:              /* lds */
>                  rc = emulate_load_segment(ctxt, ops, VCPU_SREG_DS);
>                  break;
> +       case 0xc9:              /* leave */
> +               c->regs[VCPU_REGS_RSP] = c->regs[VCPU_REGS_RBP];
> +               rc = emulate_pop_sreg(ctxt, ops, VCPU_REGS_RBP);
> +               goto done;
>          case 0xcb:              /* ret far */
>                  rc = emulate_ret_far(ctxt, ops);
>                  break;
>
>

Why are you calling emulate_pop_sreg()? RBP is not a segment register.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.