From: Paolo Bonzini
Subject: Re: [PATCH] x86 emulator: Add IRET instruction
Date: Mon, 26 Jul 2010 11:31:53 +0200
Message-ID: <4C4D5609.6060406@redhat.com>
References: <1280085618-27368-1-git-send-email-m.gamal005@gmail.com> <4C4CCFD0.6090203@redhat.com> <4C4D4BB7.6010309@redhat.com> <4C4D4EC0.9070804@redhat.com>
In-Reply-To: <4C4D4EC0.9070804@redhat.com>
To: Avi Kivity
Cc: Mohammed Gamal, mtosatti@redhat.com, kvm@vger.kernel.org

On 07/26/2010 11:00 AM, Avi Kivity wrote:
> On 07/26/2010 11:47 AM, Paolo Bonzini wrote:
>>> I don't think this is needed. The temp_eflags value is assigned
>>> directly to eflags if our operand size is 16 bits. At least
>>> that's what the Intel manual says!
>>
>> That's fine, but please make sure that
>>
>>     mov %sp, %bp
>>     orw $2, 4(%bp)
>>     iret
>>
>> followed at return site by
>>
>>     pushf
>>     popw %ax
>>
>> does not set bit 1 in %ax. That's the important point (also see how
>> emulate_popf avoids magic hex constants).
>
> Moreover, vmx will fail the next entry if this is not done. 23.3.1.4
> says:
>
>> RFLAGS. — Reserved bits 63:22 (bits 31:22 on processors that do not
>> support Intel 64 architecture), bit 15, bit 5 and bit 3 must be 0
>> in the field, and reserved bit 1 must be 1.

(I remembered one bit had to be 1, but failed to recall which one. I
should have looked up SAHF in the manual). This means that my code
actually should be

    mov %sp, %bp
    orw $8, 4(%bp)
    iret

followed by testing bit 3.

The emulate_popf approach that explicitly lists bits taken from the
stack seems more robust. For example, Mohammed's "if (c->op_bytes == 4)"
code leaves bit 1 cleared:

    temp_eflags = ((temp_eflags & 0x257fd5) | (ctxt->eflags & 0x1a0000));

(But then it is probably never used since only a 32-bit code segment in
unreal mode would trigger it).

Paolo
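The flag-merge discussed in this thread, written out as an added example (not code from the patch or from KVM's emulate_popf): a real-mode, 16-bit-operand IRET that names each stack-supplied bit and forces the reserved bits to their architectural values, beside the hex-mask expression quoted above, whose masks cannot produce bit 1. The function names and the choice of writable bits are my assumptions, not the emulator's.

```c
#include <stdint.h>
#include <stdbool.h>

/* EFLAGS bit positions per the Intel SDM. Bit 1 is reserved and must read
 * as 1; bits 3, 5 and 15 are reserved and must read as 0 (VMX 23.3.1.4). */
#define EFLG_CF        (1u << 0)
#define EFLG_RESERVED1 (1u << 1)
#define EFLG_PF        (1u << 2)
#define EFLG_AF        (1u << 4)
#define EFLG_ZF        (1u << 6)
#define EFLG_SF        (1u << 7)
#define EFLG_TF        (1u << 8)
#define EFLG_IF        (1u << 9)
#define EFLG_DF        (1u << 10)
#define EFLG_OF        (1u << 11)
#define EFLG_IOPL      (3u << 12)
#define EFLG_NT        (1u << 14)
#define EFLG_MUST_BE_0 ((1u << 3) | (1u << 5) | (1u << 15))

/* Real-mode IRET with a 16-bit operand (hypothetical helper): only the
 * architecturally writable low-word flags are taken from the stacked image;
 * the upper word of EFLAGS is preserved and the reserved bits are fixed up
 * no matter what the guest pushed. */
uint32_t iret16_merge_eflags(uint32_t eflags, uint16_t stacked_flags)
{
    uint32_t change_mask = EFLG_CF | EFLG_PF | EFLG_AF | EFLG_ZF | EFLG_SF |
                           EFLG_TF | EFLG_IF | EFLG_DF | EFLG_OF | EFLG_IOPL |
                           EFLG_NT;
    uint32_t new_eflags = (eflags & ~change_mask) | (stacked_flags & change_mask);
    return (new_eflags | EFLG_RESERVED1) & ~EFLG_MUST_BE_0;
}

/* The masking quoted in the thread, reproduced only to show the defect:
 * 0x257fd5 has bit 1 clear and 0x1a0000 covers only bits 17, 19 and 20,
 * so neither operand can ever contribute bit 1 to the result. */
uint32_t merge_with_hex_masks(uint32_t temp_eflags, uint32_t eflags)
{
    return (temp_eflags & 0x257fd5) | (eflags & 0x1a0000);
}

/* The post-IRET check from the thread: after PUSHF/POPW, bit 1 must be set
 * and bits 3, 5 and 15 clear, or the next VMX entry fails. */
bool vmx_entry_flags_ok(uint32_t eflags)
{
    return (eflags & EFLG_RESERVED1) && !(eflags & EFLG_MUST_BE_0);
}
```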