* Re: [Qemu-devel] [PULL 24/25] target-i386: Fix eflags.TF/#DB handling of syscall/sysret insns
@ 2016-12-23 19:33 Doug Evans
From: Doug Evans @ 2016-12-23 19:33 UTC
To: Paolo Bonzini; +Cc: qemu-devel
Paolo Bonzini writes:
> From: Doug Evans <dje@google.com>
>
> The syscall and sysret instructions behave a bit differently:
> TF is checked after the instruction completes.
> This allows the o/s to disable #DB at a syscall by adding TF to FMASK.
> And then when the sysret is executed the #DB is taken "as if" the
> syscall insn just completed.
>
> Signed-off-by: Doug Evans <dje@google.com>
> Message-Id: <94eb2c0bfa1c6a9fec0543057483@google.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> target/i386/bpt_helper.c | 7 +++++++
> target/i386/helper.h | 1 +
> target/i386/translate.c | 29 ++++++++++++++++++++++++-----
> 3 files changed, 32 insertions(+), 5 deletions(-)
>
> ...
> diff --git a/target/i386/translate.c b/target/i386/translate.c
> index 324103c..59e11fc 100644
> --- a/target/i386/translate.c
> +++ b/target/i386/translate.c
> @@ -6423,7 +6435,10 @@ static target_ulong disas_insn(CPUX86State *env,
DisasContext *s,
> tcg_const_i32(s->pc -
s->cs_base));
> set_cc_op(s, CC_OP_EFLAGS);
> }
> - gen_eob(s);
> + /* TF handling for the syscall insn is different. The TF bit is
checked
> + after the syscall insn completes. This allows #DB to not be
> + generated after one has entered CPL0 if TF is set in FMASK.
*/
> + gen_eob_worker(s, false, true);
> break;
> case 0xe8: /* call im */
> {
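Review bot: the only context this hunk carries for the `gen_eob(s)` it replaces is the generic tail `set_cc_op(s, CC_OP_EFLAGS); }` followed by `case 0xe8: /* call im */`; neither the `case` label nor the name of the helper whose `tcg_const_i32(s->pc - s->cs_base)` argument is visible identifies the instruction being changed, so `patch` can land the hunk on another arm of the same `switch` that ends the same way, which is exactly the misapplication the follow-up in this thread reports. Regenerate the hunk with enough leading context to include the syscall `case` label (for example `git format-patch -U10` or `--function-context`), or put a comment naming the instruction directly above `gen_eob_worker(s, false, true);` so the anchor is unique.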
> @@ -7115,7 +7130,11 @@ static target_ulong disas_insn(CPUX86State *env,
DisasContext *s,
> if (s->lma) {
> set_cc_op(s, CC_OP_EFLAGS);
> }
> - gen_eob(s);
> + /* TF handling for the sysret insn is different. The TF bit
is
> + checked after the sysret insn completes. This allows #DB
to be
> + generated "as if" the syscall insn in userspace has just
> + completed. */
> + gen_eob_worker(s, false, true);
> }
> break;
> #endif
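Review bot: this hunk carries distinctive context (`if (s->lma)` and the closing `#endif`), so it is far less exposed to misapplication than the syscall hunk. One documentation point on the new comment: it says #DB is generated "as if" the syscall insn just completed; it would help to add that the check is made on the RFLAGS value sysret has just restored, i.e. the user-space TF, which is why the translation-time `s->tf` (TF as seen at CPL0, cleared by FMASK) cannot be used here.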
Hi. Just a heads up that this patch got applied wrong (patch does that sometimes).
The change to the "syscall" insn got applied to the "iret" instruction instead.
Working on a fix.
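The TF semantics in the quoted commit message, modelled as an added C example (not QEMU code; the `cpu_t` struct, `scenario()` and the `DB_*` names are this example's own): it contrasts sampling TF after SYSCALL/SYSRET complete, as the hardware does, with the translation-time check the patch replaces, and shows that only the post-completion check yields no #DB at CPL0 and exactly one #DB on return when the kernel keeps TF in FMASK.

```c
#include <stdbool.h>
#include <stdint.h>
/* Added example, not QEMU code: toy model of the RFLAGS/R11/FMASK bookkeeping
 * of SYSCALL and SYSRET (no CPL, segments or the bits SYSRET forces), built to
 * show *when* TF must be sampled for the single-step #DB trap. */
#define TF_MASK (1u << 8)          /* eflags.TF, bit 8 */

typedef struct {
    uint64_t rflags;   /* current RFLAGS */
    uint64_t r11;      /* SYSCALL saves RFLAGS here; SYSRET restores from it */
    uint64_t fmask;    /* IA32_FMASK: bits SYSCALL clears in RFLAGS */
} cpu_t;

/* Result bits of scenario(): which of the four checks would raise #DB. */
enum {
    DB_AFTER_SYSCALL  = 1 << 0,  /* TF sampled after SYSCALL completes (hardware) */
    DB_STATIC_SYSCALL = 1 << 1,  /* TF sampled before SYSCALL (translation-time s->tf) */
    DB_AFTER_SYSRET   = 1 << 2,  /* TF sampled after SYSRET completes (hardware) */
    DB_STATIC_SYSRET  = 1 << 3,  /* TF sampled before SYSRET (translation-time s->tf) */
};

static bool tf_set(uint64_t rflags) { return (rflags & TF_MASK) != 0; }

static void do_syscall(cpu_t *c) {
    c->r11 = c->rflags;          /* R11 <- RFLAGS */
    c->rflags &= ~c->fmask;      /* RFLAGS <- RFLAGS & ~IA32_FMASK */
}

static void do_sysret(cpu_t *c) {
    c->rflags = c->r11;          /* RFLAGS <- R11 (simplified) */
}

/* User code runs with TF = user_tf; the kernel has (or has not) put TF into
 * FMASK.  Returns the DB_* bits that fire for one syscall followed by sysret.
 * With TF in FMASK the post-completion (hardware) bits are DB_AFTER_SYSRET only:
 * no #DB inside CPL0, one #DB on return "as if" syscall had just completed. */
static unsigned scenario(bool user_tf, bool tf_in_fmask) {
    cpu_t c = { .rflags = 0x202 | (user_tf ? TF_MASK : 0), .r11 = 0,
                .fmask = 0x200 | (tf_in_fmask ? TF_MASK : 0) };  /* IF always masked */
    unsigned r = 0;
    if (tf_set(c.rflags)) r |= DB_STATIC_SYSCALL;   /* what s->tf would say */
    do_syscall(&c);
    if (tf_set(c.rflags)) r |= DB_AFTER_SYSCALL;    /* what the CPU does */
    /* ... kernel runs at CPL0 here, TF already cleared if it is in FMASK ... */
    if (tf_set(c.rflags)) r |= DB_STATIC_SYSRET;
    do_sysret(&c);
    if (tf_set(c.rflags)) r |= DB_AFTER_SYSRET;
    return r;   /* scenario(true, true) == DB_STATIC_SYSCALL | DB_AFTER_SYSRET */
}
```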
* [Qemu-devel] [PULL 00/25] First round of misc patches for QEMU 2.9
@ 2016-12-22 15:22 Paolo Bonzini
2016-12-22 15:22 ` [Qemu-devel] [PULL 24/25] target-i386: Fix eflags.TF/#DB handling of syscall/sysret insns Paolo Bonzini
From: Paolo Bonzini @ 2016-12-22 15:22 UTC
To: qemu-devel
The following changes since commit d1e8e8ecc3d2a1a72504912d671f1cbbac1b06e5:
Merge remote-tracking branch 'remotes/huth/tags/target-dirs-20161220' into staging (2016-12-21 21:11:48 +0000)
are available in the git repository at:
git://github.com/bonzini/qemu.git tags/for-upstream
for you to fetch changes up to 6c7c3c21f95dd9af8a0691c0dd29b07247984122:
x86: implement la57 paging mode (2016-12-22 16:01:04 +0100)
----------------------------------------------------------------
* core support for MemoryRegionCache from myself
* rules.mak speedup and cleanups from myself and Marc-André
* multiboot command line fix from Vlad
* SCSI fixes from myself
* small qemu-timer speedup from myself
* x86 debugging improvements from Doug
* configurable Q35 devices from Chao
* x86 5-level paging support from Kirill
* x86 SHA_NI support for KVM from Yi Sun
* improved kvmclock migration logic from Marcelo
* bugfixes and doc fixes from others
----------------------------------------------------------------
Chao Peng (3):
pc: make smbus configurable
pc: make sata configurable
pc: make pit configurable
Doug Evans (2):
x86: Fix x86_64 'g' packet response to gdb from 32-bit mode.
target-i386: Fix eflags.TF/#DB handling of syscall/sysret insns
Kirill A. Shutemov (1):
x86: implement la57 paging mode
Li Qiang (1):
watchdog: 6300esb: add exit function
Marc-André Lureau (1):
build-sys: remove libtool left-over
Marcelo Tosatti (2):
kvm: sync linux headers
kvmclock: reduce kvmclock difference on migration
Paolo Bonzini (9):
exec: optimize remaining address_space_* cases
exec: introduce memory_ldst.inc.c
exec: introduce address_space_extend_translation
exec: introduce MemoryRegionCache
rules.mak: speedup save-vars load-vars
rules.mak: add more rules to avoid chaining
virtio-scsi: introduce virtio_scsi_acquire/release
qemu-timer: check active_timers outside lock/event
scsi-disk: fix VERIFY for scsi-block
Vlad Lungu (1):
multiboot: copy the cmdline verbatim, unescape module strings
Yaowei Bai (3):
timer: fix misleading comment in timer.h
main-loop: update comment for qemu_mutex_lock/unlock_iothread
block: drop remaining legacy aio functions in comment
Yi Sun (1):
target-i386: Add Intel SHA_NI instruction support.
Ziyue Yang (1):
hw/block/pflash_cfi*.c: fix confusing assert fail message
.gitignore | 4 -
Makefile | 9 +-
Makefile.objs | 1 -
Makefile.target | 1 +
configure | 2 -
exec.c | 687 ++++-------------------------
hw/block/pflash_cfi01.c | 13 +
hw/block/pflash_cfi02.c | 13 +
hw/i386/kvm/clock.c | 142 +++++-
hw/i386/multiboot.c | 20 +-
hw/i386/pc.c | 68 ++-
hw/i386/pc_piix.c | 2 +-
hw/i386/pc_q35.c | 39 +-
hw/scsi/scsi-disk.c | 9 +-
hw/scsi/virtio-scsi.c | 27 +-
hw/watchdog/wdt_i6300esb.c | 9 +
include/block/aio.h | 4 +-
include/exec/cpu-all.h | 23 +
include/exec/cpu-common.h | 15 -
include/exec/memory.h | 166 +++++++
include/hw/i386/pc.h | 12 +
include/qemu/main-loop.h | 4 +-
include/qemu/timer.h | 2 +-
include/qemu/typedefs.h | 1 +
include/standard-headers/linux/input.h | 1 +
include/standard-headers/linux/pci_regs.h | 15 +-
linux-headers/asm-arm/kvm.h | 7 +
linux-headers/asm-x86/unistd_32.h | 3 +
linux-headers/asm-x86/unistd_64.h | 3 +
linux-headers/asm-x86/unistd_x32.h | 3 +
linux-headers/linux/kvm.h | 7 +
memory_ldst.inc.c | 709 ++++++++++++++++++++++++++++++
qemu-timer.c | 20 +-
rules.mak | 26 +-
target/i386/arch_memory_mapping.c | 42 +-
target/i386/bpt_helper.c | 7 +
target/i386/cpu.c | 18 +-
target/i386/cpu.h | 3 +
target/i386/gdbstub.c | 52 ++-
target/i386/helper.c | 54 ++-
target/i386/helper.h | 1 +
target/i386/kvm.c | 7 +
target/i386/kvm_i386.h | 1 +
target/i386/monitor.c | 234 +++++++---
target/i386/translate.c | 29 +-
45 files changed, 1722 insertions(+), 793 deletions(-)
create mode 100644 memory_ldst.inc.c
--
2.9.3
^ permalink raw reply [flat|nested] 2+ messages in thread* [Qemu-devel] [PULL 24/25] target-i386: Fix eflags.TF/#DB handling of syscall/sysret insns 2016-12-22 15:22 [Qemu-devel] [PULL 00/25] First round of misc patches for QEMU 2.9 Paolo Bonzini @ 2016-12-22 15:22 ` Paolo Bonzini 0 siblings, 0 replies; 2+ messages in thread From: Paolo Bonzini @ 2016-12-22 15:22 UTC (permalink / raw) To: qemu-devel; +Cc: Doug Evans From: Doug Evans <dje@google.com> The syscall and sysret instructions behave a bit differently: TF is checked after the instruction completes. This allows the o/s to disable #DB at a syscall by adding TF to FMASK. And then when the sysret is executed the #DB is taken "as if" the syscall insn just completed. Signed-off-by: Doug Evans <dje@google.com> Message-Id: <94eb2c0bfa1c6a9fec0543057483@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- target/i386/bpt_helper.c | 7 +++++++ target/i386/helper.h | 1 + target/i386/translate.c | 29 ++++++++++++++++++++++++----- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/target/i386/bpt_helper.c b/target/i386/bpt_helper.c index 6fd7fe0..b3efdc7 100644 --- a/target/i386/bpt_helper.c +++ b/target/i386/bpt_helper.c @@ -244,6 +244,13 @@ void helper_single_step(CPUX86State *env) raise_exception(env, EXCP01_DB); } +void helper_rechecking_single_step(CPUX86State *env) +{ + if ((env->eflags & TF_MASK) != 0) { + helper_single_step(env); + } +} + void helper_set_dr(CPUX86State *env, int reg, target_ulong t0) { #ifndef CONFIG_USER_ONLY diff --git a/target/i386/helper.h b/target/i386/helper.h index 4e859eb..bd9b2cf 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -79,6 +79,7 @@ DEF_HELPER_2(cmpxchg16b_unlocked, void, env, tl) DEF_HELPER_2(cmpxchg16b, void, env, tl) #endif DEF_HELPER_1(single_step, void, env) +DEF_HELPER_1(rechecking_single_step, void, env) DEF_HELPER_1(cpuid, void, env) DEF_HELPER_1(rdtsc, void, env) DEF_HELPER_1(rdtscp, void, env) 
diff --git a/target/i386/translate.c b/target/i386/translate.c index 324103c..59e11fc 100644 --- a/target/i386/translate.c +++ b/target/i386/translate.c @@ -2500,8 +2500,10 @@ static void gen_bnd_jmp(DisasContext *s) } /* Generate an end of block. Trace exception is also generated if needed. - If IIM, set HF_INHIBIT_IRQ_MASK if it isn't already set. */ -static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit) + If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. + If RECHECK_TF, emit a rechecking helper for #DB, ignoring the state of + S->TF. This is used by the syscall/sysret insns. */ +static void gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf) { gen_update_cc_op(s); @@ -2517,6 +2519,9 @@ static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit) } if (s->singlestep_enabled) { gen_helper_debug(cpu_env); + } else if (recheck_tf) { + gen_helper_rechecking_single_step(cpu_env); + tcg_gen_exit_tb(0); } else if (s->tf) { gen_helper_single_step(cpu_env); } else { @@ -2525,10 +2530,17 @@ static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit) s->is_jmp = DISAS_TB_JUMP; } +/* End of block. + If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. */ +static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit) +{ + gen_eob_worker(s, inhibit, false); +} + /* End of block, resetting the inhibit irq flag. */ static void gen_eob(DisasContext *s) { - gen_eob_inhibit_irq(s, false); + gen_eob_worker(s, false, false); } /* generate a jump to eip. No segment change must happen before as a @@ -6423,7 +6435,10 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, tcg_const_i32(s->pc - s->cs_base)); set_cc_op(s, CC_OP_EFLAGS); } - gen_eob(s); + /* TF handling for the syscall insn is different. The TF bit is checked + after the syscall insn completes. This allows #DB to not be + generated after one has entered CPL0 if TF is set in FMASK. */ + gen_eob_worker(s, false, true); break; case 0xe8: /* call im */ { 
@@ -7115,7 +7130,11 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, if (s->lma) { set_cc_op(s, CC_OP_EFLAGS); } - gen_eob(s); + /* TF handling for the sysret insn is different. The TF bit is + checked after the sysret insn completes. This allows #DB to be + generated "as if" the syscall insn in userspace has just + completed. */ + gen_eob_worker(s, false, true); } break; #endif -- 2.9.3 ^ permalink raw reply related [flat|nested] 2+ messages in thread
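Review bot: `helper_rechecking_single_step` in the bpt_helper.c hunk carries no comment explaining why it exists beside `helper_single_step`; the reason (TF has to be re-read from `env->eflags` at run time because syscall/sysret change TF after the TB was translated, so the translation-time `s->tf` is stale) lives only in the translate.c comments. A short comment above the helper, e.g. `/* Like single_step, but re-reads TF from env->eflags; used after insns that modify TF (syscall/sysret). */`, would keep the helper self-explanatory for readers of bpt_helper.c alone.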
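Review bot: in the `gen_eob_worker` hunk the new `else if (recheck_tf)` branch is tested before `else if (s->tf)`, so for syscall/sysret the run-time helper decides even when TF was already set at translation time; that is what the header comment's "ignoring the state of S->TF" intends, but a one-line comment at the branch stating that it deliberately takes precedence over `s->tf` would avoid the reading that only `s->singlestep_enabled` outranks it. The "If IIM" to "If INHIBIT" fix in the header comment is welcome; since `gen_eob_inhibit_irq` now only forwards to `gen_eob_worker(s, inhibit, false)`, its new comment could say so explicitly rather than repeating the INHIBIT description.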